# $20 MCP / Agent Tool-Use Security Audit

## Promise

I review one MCP server prompt, agent tool-use policy, custom GPT action spec, or automation agent workflow and return a safer prompt/tool contract within 24 hours.

## Best Fit

This is for builders shipping agents that can:

- Call tools.
- Spend money or move funds.
- Read/write files.
- Query APIs.
- Use MCP servers.
- Trigger automations.

## What I Check

1. Tool permission boundaries.
2. Confirmation rules before irreversible actions.
3. Budget, rate, and destination allowlists.
4. Behavior when a tool schema changes.
5. Prompt-injection and indirect-injection handling.
6. Missing-context escalation.
7. Audit-log and provenance requirements.

## Delivery

You get:

- A rewritten agent/tool-use prompt.
- Five security risk notes.
- Five adversarial test cases.
- A pre-launch checklist.

## Intake

Send:

1. Current prompt or tool-use policy.
2. List of tools/MCP servers/actions.
3. What the agent can change, spend, send, or delete.
4. Current confirmation flow.
5. Any budget/allowlist limits.
6. One example of the agent doing the right thing.

## Price

$20 for one prompt/tool-use policy up to roughly 1,500 words.

Payment/contact page:

https://files.catbox.moe/yzg76a.html

Free mini prompt audit:

https://files.catbox.moe/0oq6wc.html