
The Security Checklist for Every AI Agent That Calls External APIs
Most AI agent security discussions focus on prompt injection in the abstract. This one is practical. If your agent calls external APIs, here is the specific list of things worth checking before it goes anywhere near production.

Credentials

The agent should not hold credential values. If your agent reads os.environ.get("STRIPE_KEY") or retrieves a value from a secrets manager into a variable, the credential exists in the agent's execution context, accessible to the agent, to anything the agent spawns, and to any malicious instruction the agent can be given through external content. The right architecture keeps the credential value outside the agent entirely: the agent passes a key name, the value is resolved and injected at the transport layer, and the agent receives only the API response. There is nothing to extract at any step.

Credentials should not be in files the agent can read: .env files, config files, or any plaintext file in a directory the agent has access to. If the agent can read the filesystem
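The name-based pattern described above, as an added example that is not code from the original post. It simulates the boundary in a single Python process: the agent's context holds a key name and a send callable, the broker materialises the value only while building the request, and a small check function confirms the value is absent from the agent's context. The vault contents are constructed placeholders; in production the broker would be a separate process or egress proxy, not a closure in the agent's interpreter.

```python
"""Name-based credential injection: the agent holds a key *name*; the broker
resolves it and adds the Authorization header at the transport layer."""
from typing import Any, Callable, Mapping

# Constructed placeholder vault. In a real deployment this lives in a secrets
# manager behind a separate broker process, never in the agent's interpreter.
VAULT: Mapping[str, str] = {"stripe": "sk_test_CONSTRUCTED_PLACEHOLDER"}


def fake_transport(method: str, url: str, headers: dict, body: Any) -> dict:
    """Stand-in for requests/httpx: echoes the request, including the header,
    so the example can show that the broker redacts it on the way back."""
    auth = headers.get("Authorization", "")
    return {"status": 200, "method": method, "url": url,
            "authorized": auth.startswith("Bearer "), "echoed_header": auth}


def _redact(obj: Any, value: str) -> Any:
    """Recursively replace the secret value anywhere in a JSON-like response."""
    if isinstance(obj, str):
        return obj.replace(value, "[REDACTED]")
    if isinstance(obj, dict):
        return {k: _redact(v, value) for k, v in obj.items()}
    if isinstance(obj, list):
        return [_redact(v, value) for v in obj]
    return obj


def make_broker(vault: Mapping[str, str], transport: Callable) -> Callable:
    """Return send(key_name, method, url, body). The secret value exists only
    inside send(); callers get a response with the value scrubbed out."""
    def send(key_name: str, method: str, url: str, body: Any = None) -> dict:
        if key_name not in vault:  # unknown names fail closed
            raise PermissionError(f"no credential registered under {key_name!r}")
        value = vault[key_name]
        resp = transport(method, url, {"Authorization": f"Bearer {value}"}, body)
        return _redact(resp, value)  # an API that echoes headers must not leak it
    return send


def agent_context_holding_value() -> dict:
    """Anti-pattern from the post: the agent reads the credential itself."""
    return {"stripe_key": VAULT["stripe"]}


def agent_context_holding_name(broker: Callable) -> dict:
    """Recommended shape: the agent knows a key name and a send callable."""
    return {"stripe_key_name": "stripe", "send": broker}


def context_exposes_secret(ctx: dict, secret: str) -> bool:
    """Practitioner check: does the agent's context contain the value at all?"""
    return secret in repr(ctx)
```

Run `context_exposes_secret` against whatever object your agent framework hands the model as its tool context; if it returns True for any vault value, the credential is inside the agent's reach.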


