We Scanned 16 AI Agent Repos. 76% of Tool Calls Had Zero Guards.

We scanned 16 open-source AI agent repositories — both agent frameworks (CrewAI, PraisonAI) and production agent applications (Skyvern, Dify, Khoj, and others) that ship real business logic. 76% of tool calls with real-world side effects had zero protective checks. No rate limits. No input validation. No confirmation steps. No auth checks. An important nuance: you'd expect framework code to lack guards — it's template code, and adding guards is the implementor's job. But the same pattern holds in production agent applications with real business logic. Skyvern (browser automation, 595 files): 76% unguarded. Dify (LLM platform, 1000+ files): 75% unguarded. The frameworks aren't the problem — the problem is that nobody adds guards when they build on top of them either. This means a single prompt injection — or a simple hallucination — could trigger hundreds of unvalidated database writes, unchecked HTTP requests to arbitrary URLs, or file deletions without confirmation. Here's what we fou

We Scanned 16 AI Agent Repos. 76% of Tool Calls Had Zero Guards.

Related Articles

Learn Something Old Every Day, Part XVIII: How Does FPU Detection Work?

“Learn to Code” Is Dead… Learn to Think Instead

How One File Makes Claude Code Actually Follow Your Instructions

LeetCode Solution: 121. Best Time to Buy and Sell Stock

The Feature Took 2 Hours to Build — and 2 Weeks to Fix

Related Articles

How-To
Learn Something Old Every Day, Part XVIII: How Does FPU Detection Work?
Lobsters • 4h ago

How-To
“Learn to Code” Is Dead… Learn to Think Instead
Medium Programming • 6h ago

How-To
How One File Makes Claude Code Actually Follow Your Instructions
Medium Programming • 6h ago

How-To
LeetCode Solution: 121. Best Time to Buy and Sell Stock
Dev.to Tutorial • 6h ago

How-To
The Feature Took 2 Hours to Build — and 2 Weeks to Fix
Medium Programming • 7h ago