AutoGen / AG2 policy index

12 rules — 6 tool · 5 agent · 1 repo

Risk score = severity_weight × confidence × 100 (engine formula; weights: low=0.15, medium=0.40, high=0.70). Higher = worse.

| # | Id | SDK/ADK | Scope | Applies To | Policy | Severity | Confidence | Risk | Source |
|---|----|---------|-------|------------|--------|----------|------------|------|--------|
| 1 | AG2-001 | AutoGen | agent | autogen_conversable_agent, autogen_user_proxy_agent | AutoGen executor runs code on the host without Docker | high | 0.90 | 63.0 | agent_safety.yaml |
| 2 | AG2-002 | AutoGen | agent | autogen_conversable_agent, autogen_user_proxy_agent | AutoGen executor runs code with no human review (human_input_mode=NEVER) | high | 0.85 | 59.5 | agent_safety.yaml |
| 3 | AG2-004 | AutoGen | agent | autogen_group_chat_manager | AutoGen GroupChatManager has no explicit max_round bound | low | 0.60 | 9.0 | agent_safety.yaml |
| 4 | AG2-005 | AutoGen | agent | autogen_assistant_agent | AutoGen AssistantAgent enables code execution on the LLM agent | medium | 0.70 | 28.0 | agent_safety.yaml |
| 5 | AG2-006 | AutoGen | agent | autogen_conversable_agent, autogen_user_proxy_agent | AutoGen executor with code execution has no explicit auto-reply cap | medium | 0.70 | 28.0 | agent_safety.yaml |
| 6 | AG2-007 | AutoGen | tool | autogen_tool | AutoGen tool has no description | low | 0.90 | 13.5 | tool_definition.yaml |
| 7 | AG2-008 | AutoGen | tool | autogen_tool | AutoGen tool parameters are not type-annotated | medium | 0.85 | 34.0 | tool_definition.yaml |
| 8 | AG2-009 | AutoGen | tool | autogen_tool | AutoGen tool body spawns a subprocess | high | 0.85 | 59.5 | shell_safety.yaml |
| 9 | AG2-010 | AutoGen | tool | autogen_tool | AutoGen tool body evaluates dynamic code | high | 0.85 | 59.5 | code_execution.yaml |
| 10 | AG2-011 | AutoGen | tool | autogen_tool | AutoGen tool fetches a caller-controlled URL (SSRF) | high | 0.80 | 56.0 | ssrf.yaml |
| 11 | AG2-012 | AutoGen | tool | autogen_tool | AutoGen tool network call has no timeout | high | 0.85 | 59.5 | network.yaml |
| 12 | AG2-201 | AutoGen | repo | autogen | AutoGen project ships no agent-guidance doc (AGENTS.md/CLAUDE.md) | low | 0.90 | 13.5 | repo_hygiene.yaml |