# AI Agent Safety Checklist

By John & Dexter / The AI Fixer

A public-safe checklist for putting AI agents near real work. This is not legal advice, security advice, or a private deployment runbook. It is the operator discipline I would want in place before an agent touches anything that matters.

## 1. Name the job

- What exact job should the agent do?
- What is explicitly out of scope?
- Who owns the final decision?
- What evidence proves the job was done?

If the job cannot be written in four boring sentences, it is not ready for autonomy.

## 2. Class the risk

Mark the workflow:

- LOW: read-only research, summaries, drafts.
- MEDIUM: file edits, public content, customer-facing drafts, internal routing.
- HIGH: payments, purchases, live deployment, customer sends, legal/warranty wording, safety-related advice.
- NEVER-AUTO: credentials, destructive deletes, irreversible infrastructure changes, direct physical-world control, anything that could harm a person, customer, vehicle, account or business.

## 3. Reduce the tool set

Before giving the agent tools, remove what it does not need.

- Read-only first.
- Draft before send.
- Propose before execute.
- Specific folders, not the whole machine.
- Specific APIs, not global credentials.
- Time-boxed access, not permanent trust.

## 4. Put gates where risk changes

Add a human approval gate before the agent can:

- send messages to customers or suppliers;
- publish public content;
- restart or deploy production systems;
- buy, bid, refund, invoice or charge;
- alter customer records;
- use sensitive private data;
- make safety-critical recommendations.

## 5. Separate worker and verifier

The same agent should not be the only judge of its own work.

Use at least one of:

- deterministic tests;
- live URL or file verification;
- second-model review;
- human review;
- known-good checklist;
- log/audit comparison.

## 6. Keep a rollback path

Before execution, write down:

- what changed;
- where the old version lives;
- how to undo it;
- who can stop it;
- how you will know the rollback worked.

No rollback, no autonomy.

## 7. Log enough to inspect

A useful log says:

- prompt/task;
- tools used;
- files/routes affected;
- approval decision;
- output/result;
- verification result;
- failure or rollback notes.

Do not log secrets or private customer details into public or debug channels.
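As an added illustration of sections 2, 4 and 7 together (example code, not part of the original checklist), here is a minimal tool-call gate: each tool is mapped to a risk class, HIGH tools wait for a human approval decision, NEVER-AUTO tools are refused even when approved, and every decision is logged with secrets redacted. The tool names, the policy table and the secret-key list are assumptions for the example.

```python
# Added example: a tool-call gate for an AI agent. The tool names in POLICY and
# the SECRET_KEYS set are assumptions, not part of any real agent framework.
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Risk(Enum):
    LOW = 1          # read-only research, summaries, drafts
    MEDIUM = 2       # file edits, internal routing
    HIGH = 3         # sends, payments, deploys: needs a human gate
    NEVER_AUTO = 4   # destructive or irreversible: a human does it by hand


# Hypothetical policy table: which tool sits in which risk class.
POLICY = {
    "search_docs": Risk.LOW,
    "edit_file": Risk.MEDIUM,
    "send_customer_email": Risk.HIGH,
    "issue_refund": Risk.HIGH,
    "delete_database": Risk.NEVER_AUTO,
}

SECRET_KEYS = {"password", "token", "api_key", "cookie"}


@dataclass
class LogEntry:
    """Section 7 fields: task, tool, affected args, approval decision, result."""
    task: str
    tool: str
    args: dict
    approval: str
    decision: str


def redact(args: dict) -> dict:
    """Never write secrets into the log, even the internal one."""
    return {k: ("[REDACTED]" if k.lower() in SECRET_KEYS else v) for k, v in args.items()}


def gate(task: str, tool: str, args: dict, human_approved: bool = False,
         log: Optional[list] = None) -> str:
    """Return 'allow', 'needs_approval' or 'deny'. Unknown tools are denied:
    a tool that was never put on the reduced tool set is not available."""
    risk = POLICY.get(tool, Risk.NEVER_AUTO)
    if risk is Risk.NEVER_AUTO:
        decision = "deny"                      # approval cannot unlock this class
    elif risk is Risk.HIGH and not human_approved:
        decision = "needs_approval"            # park the call until a human decides
    else:
        decision = "allow"
    if log is not None:
        log.append(LogEntry(task, tool, redact(args),
                            "human" if human_approved else "none", decision))
    return decision
```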

## 8. Public-safe publishing check

Before publishing any agent-produced public material, scan for:

- passwords, tokens, API keys, cookies;
- internal IPs, hostnames, usernames, private paths;
- customer identifiers, phone numbers, registrations, addresses;
- private family details;
- licensed data-source/vendor leakage;
- claims stronger than the evidence.

## 9. The blunt rule

If an agent failure would cost money, reputation, access, safety, legal position, or customer trust, the agent gets a gate.

If the gate feels annoying, make the workflow smaller. Do not remove the gate.
