ShadowAudit Assessment

Coverage Map

PaymentTool Gated

RefundTool Gated

WireTransfer.. Ungated

BalanceInqui.. Gated

TransactionH.. Gated

DeleteAccoun.. Gated

UpdateAccoun.. Gated

BulkDataExpo.. Ungated

Gated: 6 Ungated: 2 6 of 6 risky tools are protected with ShadowAuditTool.

Tool Inventory

Tool	Category	Status	Risk	Location
`PaymentTool` langchain	payment_initiation Money movement — user must be in the loop.	✓ Gated	HIGH	`payment_tools.py:10`
`RefundTool` langchain	payment_initiation Money movement — user must be in the loop.	✓ Gated	HIGH	`payment_tools.py:23`
`WireTransferTool` langchain	payment_initiation Money movement — user must be in the loop.	❌ Ungated	HIGH	`payment_tools.py:37`
Remediation: `Wrap with ShadowAuditTool: ShadowAuditTool(tool=WireTransferTool(), agent_id="YOUR_AGENT_ID", risk_category="payment_initiation")`
`BalanceInquiryTool` langchain	read_only Unknown category	✓ Gated	LOW	`readonly_tools.py:9`
`TransactionHistoryTool` langchain	read_only Unknown category	✓ Gated	LOW	`readonly_tools.py:22`
`DeleteAccountTool` langchain	delete Unknown category	✓ Gated	CRITICAL	`account_tools.py:9`
`UpdateAccountTool` langchain	update Unknown category	✓ Gated	HIGH	`account_tools.py:22`
`BulkDataExportTool` langchain	data_export Unknown category	❌ Ungated	CRITICAL	`account_tools.py:35`
Remediation: `Wrap with ShadowAuditTool: ShadowAuditTool(tool=BulkDataExportTool(), agent_id="YOUR_AGENT_ID", risk_category="data_export")`

Category Breakdown

Category	Total	Gated	Ungated	Critical/High
`payment_initiation`	3	2	1	1
`read_only`	2	2	0	—
`delete`	1	1	0	—
`update`	1	1	0	—
`data_export`	1	0	1	1

Recommended Taxonomy

Auto-generated taxonomy based on detected tools. Save as a .json file for reuse with --taxonomy.

{
  "payment_initiation": {
    "delta": 0.3,
    "risk_keywords": [
      "pay",
      "payment",
      "transfer",
      "send_money",
      "disburse",
      "remit",
      "send",
      "wire"
    ],
    "description": "Money movement — user must be in the loop."
  },
  "read_only": {
    "delta": 1.0,
    "risk_keywords": [
    ],
    "description": "Unknown category"
  },
  "delete": {
    "delta": 0.2,
    "risk_keywords": [
    ],
    "description": "Unknown category"
  },
  "update": {
    "delta": 0.3,
    "risk_keywords": [
    ],
    "description": "Unknown category"
  },
  "data_export": {
    "delta": 0.15,
    "risk_keywords": [
    ],
    "description": "Unknown category"
  }
}

Implementation Plan

Step-by-step instructions to wrap each ungated tool with ShadowAudit enforcement.

1 WireTransferTool HIGH

Wrap WireTransferTool (category: payment_initiation) with ShadowAuditTool to enforce runtime governance.

from shadowaudit.framework.langchain import ShadowAuditTool
wiretransfertool_safe = ShadowAuditTool(
    tool=WireTransferTool(),
    agent_id="YOUR_AGENT_ID",
    risk_category="payment_initiation"
)

2 BulkDataExportTool CRITICAL

Wrap BulkDataExportTool (category: data_export) with ShadowAuditTool to enforce runtime governance.

from shadowaudit.framework.langchain import ShadowAuditTool
bulkdataexporttool_safe = ShadowAuditTool(
    tool=BulkDataExportTool(),
    agent_id="YOUR_AGENT_ID",
    risk_category="data_export"
)

Executive Summary

Coverage Map

Tool Inventory

Category Breakdown

Recommended Taxonomy

Implementation Plan