---
id: "action-scope-permissions"
type: "action-item"
source_timestamps: ["00:19:18", "00:19:35"]
tags: ["security", "access-control"]
related: ["claim-unscoped-agents-insecure", "framework-agent-deployment-commandments"]
action: "Explicitly define and restrict what an agent can read, write, and delete."
outcome: "Prevention of privilege escalation and massive security vulnerabilities in enterprise systems."
speakers: ["Nate B. Jones"]
sources: ["s53-agent-100x-review-3x"]
sourceVaultSlug: "s53-agent-100x-review-3x"
originDay: 53
---
# Scope Agent Permissions Explicitly

## Action

**Explicitly define and restrict what an agent can read, write, and delete.**

## What to Do

1. Never give an agent a **"blank slate permission slip."**
2. Deliberately enumerate what each skill needs and grant only that.
3. Implement strict guardrails that restrict read, write, and delete access to the minimum necessary surface for the specific skill.
4. Audit permission scopes regularly as skills evolve.
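
One way to apply steps 2 through 4, as an added example that is not from the source talk or any agent framework: a per-skill manifest of read, write, and delete scopes, a deny-by-default check, and an audit that flags blanket or unused grants. The skill names, resource paths, and log format are constructed for illustration.

```python
import posixpath
from fnmatch import fnmatchcase

VERBS = ("read", "write", "delete")

# Constructed manifest: each skill lists exactly what it may read, write, delete.
SCOPES = {
    "invoice-summarizer": {
        "read": ["crm/invoices/*"],
        "write": ["reports/invoice-summaries/*"],
        "delete": [],
    },
    "ticket-triage": {
        "read": ["helpdesk/tickets/*"],
        "write": ["helpdesk/tickets/*/labels"],
        "delete": [],
    },
}

# Constructed access log of (skill, verb, resource) tuples.
ACCESS_LOG = [
    ("invoice-summarizer", "read", "crm/invoices/2024-001"),
    ("invoice-summarizer", "write", "reports/invoice-summaries/2024-001"),
    ("ticket-triage", "read", "helpdesk/tickets/881"),
]


def is_allowed(skill, verb, resource, scopes=SCOPES):
    """Deny by default: unknown skill, unknown verb, or no matching grant."""
    if verb not in VERBS:
        return False
    # Reject non-canonical names so "a/../b" cannot slip past a prefix pattern.
    if posixpath.normpath(resource) != resource:
        return False
    patterns = scopes.get(skill, {}).get(verb, [])
    return any(fnmatchcase(resource, p) for p in patterns)


def audit(scopes, access_log):
    """Flag match-everything grants and grants no logged access ever used."""
    findings = []
    for skill, grants in scopes.items():
        for verb in VERBS:
            for pattern in grants.get(verb, []):
                if pattern.strip("*/") == "":
                    findings.append((skill, verb, pattern, "blanket grant"))
                if not any(s == skill and v == verb and fnmatchcase(r, pattern)
                           for s, v, r in access_log):
                    findings.append((skill, verb, pattern, "unused grant"))
    return findings
```

An unused grant is a candidate for removal at the next review, not proof that the skill never needs it.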

## Outcome

Prevention of privilege escalation and massive security vulnerabilities in enterprise systems. This is **commandment five** of [[framework-agent-deployment-commandments]] and the operational answer to [[claim-unscoped-agents-insecure]].
