15 REGULATIONS. 4 CONTINENTS. ONE EVALUATION. — Colorado SB 26-189 (Jan 1, 2027) · EU AI Act (Phased) · NYC LL144 · SR 11-7 · Texas · California · South Korea · UK · China · GDPR — View all →
AVAAS · Agentic AI Risk Checklist

Your agent acts on its own. The question is whether it can be steered past its guard rails.

Answer a few questions about what your AI agent can do and what it loads. We map it against the controls a safe agentic deployment needs and show you where the gaps are, at the point the agent acts.

Free About 2 minutes No signup Private
This is a risk read, not a certification or legal advice. It shows where an agent that loads third-party tools or skills can be walked past its own controls, and what closes the gap.
What your agent does Step 1 of 2
What can your agent do on its own, without a human in the loop?

Select all that apply.

Does your agent load third-party skills, tools, or plugins?

Skills are code packages that extend what an agent can do, similar to apps on a phone.

Does your agent act on content it did not generate?

Web pages, emails, documents, tool responses, or user uploads it reads and then acts on.

Is there a human approval gate before consequential or irreversible actions?
Does the agent run with least-privilege, scoped permissions?

Only the access it needs for the task, rather than broad standing access.

Have you tested whether an installed skill or a tool response can bypass the agent's guard rails?
Have you tested the agent against hidden instructions in the content it processes?

Prompt injection, where text in a page or document tries to make the agent act.

Are all agent actions logged in a way you could show a regulator or reconstruct after an incident?
Has an independent third party verified how the agent behaves at the point it acts?
Keep going, all free
Two more ways to see where you stand

Exposure guidance shows the pressure. Certification is the evidence.

These free tools show you where you stand. AVAAS gives you documented, third-party evidence you can put in front of a regulator, a court, or a customer.

Certify Your AI →