CapitalGuardAI-agent security licensesScan

Operational exposure

Production Access Paths

Agents may reach production indirectly through deploy scripts, cloud configuration, kubeconfig files, service accounts, logs, and runbooks.

Severity: CriticalDetected by: Pro

Signals CapitalGuard looks for

Kubeconfig or cloud provider config in the workspace
Runbooks with production command sequences
Deployment credentials referenced by local scripts

Why it matters

Agents can be asked to debug production without understanding the blast radius.
Operational files often combine credentials, commands, and system topology.
A mistaken command can affect customer-facing infrastructure.

Precautions to take

Keep production credentials outside default coding workspaces.
Require approval gates for deploy, database, and infrastructure commands.
Use redacted runbooks for agent context and keep sensitive procedures restricted.

Next step

Turn this risk into a scoped scan and policy path.

Compare Licenses