Warden Governance Report

14

/ 100

34 / 235 raw

UNGOVERNED

Core Governance (11 / 100)

D1 Tool Inventory

0 / 25

D2 Risk Detection

0 / 20

CRITICAL Agent loop with LLM call has no exit condition — potential infinite loop

D3 Policy Coverage

6 / 20

D4 Credential Management

3 / 20

D5 Log Hygiene

2 / 10

MEDIUM print() used instead of structured logging

+ 3 more findings

D6 Framework Coverage

0 / 5

HIGH LangChain used without CallbackManager — no tool/chain observability

+ 40 more findings

Advanced Controls (14 / 50)

D7 Human-in-the-Loop

3 / 15

D8 Agent Identity

11 / 15

D9 Threat Detection

0 / 20

HIGH Empty exception handler — errors silently swallowed

+ 13 more findings

Ecosystem (8 / 55)

D10 Prompt Security

0 / 15

D11 Cloud / Platform

0 / 10

D12 LLM Observability

2 / 10

D13 Data Recovery

2 / 10

D14 Compliance Maturity

4 / 10

MEDIUM Unpinned AI dependency: langchain

+ 4 more findings

Unique Capabilities (1 / 30)

D15 Post-Exec Verification

0 / 10

HIGH Tool result assigned directly without verification

D16 Data Flow Governance

0 / 10

D17 Adversarial Resilience

1 / 10

CRITICAL No content injection defense — hidden HTML/CSS/zero-width instructions pass to agents undetected. (86% attack success ra

CRITICAL No RAG poisoning protection — knowledge base documents not scanned for embedded instructions. (<0.1% contamination = >80

HIGH No behavioral trap detection — post-execution behavioral changes not monitored. (10/10 M365 Copilot attacks succeeded)

HIGH No approval integrity verification -- agent summaries for approval not cross-checked against actual actions. (Approval f

MEDIUM No adversarial testing evidence — no red team, no prompt injection tests

+ 2 more findings

Score reflects only what Warden can observe locally. Undetected controls are scored as 0, not assumed good. Dimensions are weighted by governance impact. Methodology: SCORING.md

Total Findings

90

4 CRITICAL · 67 HIGH

Tools Detected

0

None detected

Credentials

0

None detected

Governance Gaps

8

of 17 dimensions

Compliance Refs

9

EU AI Act / OWASP / MITRE

🛡 Governance Layer Detection0 tools detected · 17 dimensions

❌

D1: Tool Inventory — none detected

MCP tool discovery, live catalog, schema completeness, auto-discovery

0 / 25 pts

❌

D2: Risk Detection — none detected

Risk classification, semantic analysis, intent-parameter consistency

0 / 20 pts

❌

D6: Framework Coverage — none detected

LangChain/AutoGen/CrewAI/custom framework detection

0 / 5 pts

❌

D9: Threat Detection — none detected

Behavioral baselines, anomaly detection, cross-session tracking, kill switch

0 / 20 pts

❌

D10: Prompt Security — none detected

Prompt injection detection, jailbreak prevention, content filtering

0 / 15 pts

❌

D11: Cloud / Platform — none detected

Multi-cloud, marketplace, SSO/IdP, SIEM integration

0 / 10 pts

❌

D15: Post-Exec Verification — none detected

Result validation, PASS/FAIL verdicts, failure fingerprinting

0 / 10 pts

❌

D16: Data Flow Governance — none detected

Taint labels, data classification, cross-tool leakage prevention

0 / 10 pts

📊 Solutions Comparison2 rows · 17 dimensions · 235 max pts

Tool	D1	D2	D3	D4	D5	D6	D7	D8	D9	D10	D11	D12	D13	D14	D15	D16	D17	/235	/100
Max pts	25	20	20	20	10	5	15	15	20	15	10	10	10	10	10	10	10	235
SharkRouter	23	18	18	18	9	5	14	14	18	14	9	9	9	9	9	9	9	214	91
Your Scan	0	0	6	3	2	0	3	11	0	0	0	2	2	4	0	0	1	34	14

SharkRouter per-dimension scores are proportional estimates from total score. Detected tool scores are totals only (per-dimension breakdown not available). Methodology: SCORING.md

🔎 Findings90 total

▶ CRITICAL 4

CRITICAL D2

Agent loop with LLM call has no exit condition — potential infinite loop

...os\langgraph\libs\langgraph\langgraph\_internal\_queue.py:23

Add max_iterations, timeout, or explicit break condition

CRITICAL D5

No audit logging for tool calls detected

Add audit logging for all tool/agent executions

EU AI Act Article 12

CRITICAL D17

No content injection defense — hidden HTML/CSS/zero-width instructions pass to agents undetected. (86% attack success rate)

Deploy trap defense layer on tool results

EU AI Act Article 15OWASP LLM01MITRE AML.T0051

Show 1 more CRITICAL findings

CRITICAL D17

No RAG poisoning protection — knowledge base documents not scanned for embedded instructions. (<0.1% contamination = >80% attack success)

Deploy trap defense layer on tool results

EU AI Act Article 15OWASP LLM01MITRE AML.T0049

▶ HIGH 67

HIGH D9

Empty exception handler — errors silently swallowed

...allery\repos\langgraph\libs\langgraph\langgraph\config.py:24

Log the exception or handle it explicitly

HIGH D9

Empty exception handler — errors silently swallowed

...ery\repos\langgraph\libs\langgraph\langgraph\constants.py:61

Log the exception or handle it explicitly

HIGH D9

Empty exception handler — errors silently swallowed

...y\repos\langgraph\libs\langgraph\langgraph\graph\state.py:745

Log the exception or handle it explicitly

Show 64 more HIGH findings

HIGH D9

Empty exception handler — errors silently swallowed

...repos\langgraph\libs\langgraph\langgraph\graph\_branch.py:77

Log the exception or handle it explicitly

HIGH D9

Empty exception handler — errors silently swallowed

...repos\langgraph\libs\langgraph\langgraph\graph\_branch.py:115

Log the exception or handle it explicitly

HIGH D15

Tool result assigned directly without verification

...repos\langgraph\libs\langgraph\langgraph\graph\_branch.py:166

Verify tool result status/validity before using

HIGH D9

Empty exception handler — errors silently swallowed

...\repos\langgraph\libs\langgraph\langgraph\pregel\_call.py:74

Log the exception or handle it explicitly

HIGH D9

Empty exception handler — errors silently swallowed

...os\langgraph\libs\langgraph\langgraph\pregel\_executor.py:85

Log the exception or handle it explicitly

HIGH D9

Empty exception handler — errors silently swallowed

...os\langgraph\libs\langgraph\langgraph\pregel\_executor.py:118

Log the exception or handle it explicitly

HIGH D9

Empty exception handler — errors silently swallowed

...os\langgraph\libs\langgraph\langgraph\pregel\_executor.py:210

Log the exception or handle it explicitly

HIGH D9

Empty exception handler — errors silently swallowed

...ry\repos\langgraph\libs\langgraph\langgraph\pregel\_io.py:51

Log the exception or handle it explicitly

HIGH D9

Empty exception handler — errors silently swallowed

...s\langgraph\libs\langgraph\langgraph\_internal\_fields.py:150

Log the exception or handle it explicitly

HIGH D9

Empty exception handler — errors silently swallowed

...s\langgraph\libs\langgraph\langgraph\_internal\_fields.py:160

Log the exception or handle it explicitly

HIGH D9

Empty exception handler — errors silently swallowed

...s\langgraph\libs\langgraph\langgraph\_internal\_future.py:24

Log the exception or handle it explicitly

HIGH D9

Empty exception handler — errors silently swallowed

...os\langgraph\libs\langgraph\langgraph\_internal\_queue.py:33

Log the exception or handle it explicitly

HIGH D9

Empty exception handler — errors silently swallowed

...langgraph\libs\langgraph\langgraph\_internal\_runnable.py:275

Log the exception or handle it explicitly

HIGH D9

Empty exception handler — errors silently swallowed

...langgraph\libs\langgraph\langgraph\_internal\_runnable.py:280

Log the exception or handle it explicitly

HIGH D9

Empty exception handler — errors silently swallowed

...langgraph\libs\langgraph\langgraph\_internal\_runnable.py:363

Log the exception or handle it explicitly

HIGH D9

Empty exception handler — errors silently swallowed

...langgraph\libs\langgraph\langgraph\_internal\_runnable.py:435

Log the exception or handle it explicitly

HIGH D15

Tool result assigned directly without verification

...langgraph\libs\langgraph\langgraph\_internal\_runnable.py:658

Verify tool result status/validity before using

HIGH D6

LangChain used without CallbackManager — no tool/chain observability

...\gallery\repos\langgraph\libs\langgraph\bench\__main__.py:4