Risk insights (red badges)
Insight | What it means |
External API Call Capability | The agent can make HTTP requests to external endpoints |
Publicly Accessible | The agent—or one of its components—is visible outside your organization |
High-Risk Tools Connected | The agent connects to apps rated High or Critical |
Unauthenticated Access Point | A trigger, webhook, or MCP connection has no authentication configured |
Can Trigger Workflows | The agent can invoke other automations or workflows |
Hardcoded Secrets | A component contains plaintext API keys, tokens, or credentials |
Context insights (grey badges)
Insight | What it means |
Conversation Memory | The agent retains context between sessions |
Agent Builder | The agent can create or modify other agents |
Community Components | The agent uses unverified community-sourced components |
Recipients Configured | The agent can send messages or emails to external recipients |
Internal Only | The agent's visibility is restricted to your organization (a mitigating factor) |
Read Only | All of the agent's permissions are read-scope (a mitigating factor) |