semantic-kernel-tool-security
Community
Harden Semantic Kernel plugin use.
System Documentation
What problem does it solve?
Semantic Kernel's planner and automatic function calling are designed to let the model decide which plugins to invoke and with what arguments. This is the intended design — and the core security risk. The model's plugin selection is model output, not deterministic policy. If all registered plugins are visible to all users, and if the planner can call them without a per-invocation authorization check, then any injection that influences the model's plugin selection has effectively invoked those capabilities with the ambient permissions of the service account.
Core Features & Use Cases
- Native and prompt-based plugins, function registration, and plugin exposure rules
- Planners, automatic function calling, kernel arguments, filters, and memory connectors
- Connectors to files, HTTP APIs, databases, enterprise systems, and code execution surfaces
- Use Case: Security review of Semantic Kernel deployments across multi-tenant environments to prevent privilege escalation and unauthorized actions by the planner.
Quick Start
Review your Semantic Kernel planner and plugins to verify authorization, sandboxing, and proper connector permissions.
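The risk described under "What problem does it solve?" and the review asked for in the Quick Start both come down to two controls: expose to the model only the plugins a given principal may call, and authorize every invocation the model selects before it runs. The following is an added illustration, not code from this skill or from Semantic Kernel. It models a plugin registry, a per-principal exposure rule and a function-invocation filter in plain Python so it runs offline; the plugin names, scopes, tenants, paths and the `Principal` type are all invented for the example, and the "model outputs" are constructed to show one legitimate selection and three that injected content could steer the model toward.

```python
"""Per-invocation authorization for model-selected plugin calls.

Added illustration, not Semantic Kernel code: the registry, exposure rule and
filter are modelled in plain Python. Plugin names, scopes and tenants are invented.
"""
from __future__ import annotations

import posixpath
from dataclasses import dataclass
from typing import Any, Callable


@dataclass(frozen=True)
class Principal:
    user: str
    tenant: str
    scopes: frozenset[str]


@dataclass
class PluginFunction:
    plugin: str
    name: str
    required_scope: str      # scope the caller must hold
    tenants: frozenset[str]  # tenants allowed to see and call it
    arg_check: Callable[[Principal, dict[str, Any]], bool]
    impl: Callable[..., Any]


@dataclass
class Decision:
    allowed: bool
    reason: str


REGISTRY: dict[str, PluginFunction] = {}


def register(fn: PluginFunction) -> None:
    REGISTRY[f"{fn.plugin}.{fn.name}"] = fn


def path_in_tenant_root(p: Principal, args: dict[str, Any]) -> bool:
    """Files-plugin policy: the normalised path must stay under the tenant
    root, so '..' segments emitted by the model cannot reach another tenant."""
    root = f"/data/{p.tenant}/"
    return posixpath.normpath(args.get("path", "")).startswith(root)


def visible_functions(p: Principal) -> list[str]:
    """Exposure rule: advertise only what this principal may call, not every
    registered plugin."""
    return sorted(k for k, f in REGISTRY.items()
                  if p.tenant in f.tenants and f.required_scope in p.scopes)


def authorize(p: Principal, qualified_name: str, args: dict[str, Any]) -> Decision:
    """Per-invocation check; also covers names that were never advertised,
    because the model may still emit them."""
    fn = REGISTRY.get(qualified_name)
    if fn is None or p.tenant not in fn.tenants:
        return Decision(False, "function not exposed to tenant")
    if fn.required_scope not in p.scopes:
        return Decision(False, f"missing scope {fn.required_scope}")
    if not fn.arg_check(p, args):
        return Decision(False, "argument policy violated")
    return Decision(True, "ok")


def invoke(p: Principal, call: dict[str, Any], audit: list[str]) -> tuple[Decision, Any]:
    """Filter-style gate run before every model-selected invocation; the
    implementation executes only on ALLOW and every decision is audited."""
    name, args = call["function"], call.get("args", {})
    d = authorize(p, name, args)
    verdict = "ALLOW" if d.allowed else f"DENY ({d.reason})"
    audit.append(f"{p.user}@{p.tenant} {name} {args} -> {verdict}")
    return d, (REGISTRY[name].impl(**args) if d.allowed else None)


# Constructed registry: a files plugin shared by two tenants, an ops-only admin plugin.
register(PluginFunction("files", "read", "files:read", frozenset({"acme", "contoso"}),
                        path_in_tenant_root, lambda path: f"<contents of {path}>"))
register(PluginFunction("files", "delete", "files:write", frozenset({"acme", "contoso"}),
                        path_in_tenant_root, lambda path: f"deleted {path}"))
register(PluginFunction("admin", "run_sql", "admin:sql", frozenset({"ops"}),
                        lambda p, a: True, lambda query: f"ran {query}"))

ALICE = Principal("alice", "acme", frozenset({"files:read"}))  # constructed principal


def demo() -> list[str]:
    """Replays constructed model outputs: one legitimate selection, then three
    that injected content could steer the model toward. Returns the audit log."""
    audit: list[str] = []
    model_calls = [
        {"function": "files.read", "args": {"path": "/data/acme/report.txt"}},
        {"function": "files.read", "args": {"path": "/data/acme/../contoso/secret.txt"}},
        {"function": "files.delete", "args": {"path": "/data/acme/report.txt"}},
        {"function": "admin.run_sql", "args": {"query": "SELECT * FROM customers"}},
    ]
    for call in model_calls:
        invoke(ALICE, call, audit)
    return audit


if __name__ == "__main__":
    print("advertised to model:", visible_functions(ALICE))
    print("\n".join(demo()))
```

Only `files.read` is advertised to the model for Alice, yet `authorize` still runs on every call the model emits, so a hallucinated or injected `files.delete` or `admin.run_sql` is refused rather than executed with the service account's ambient permissions. The argument policy is part of the same gate: a path that normalises outside the tenant root is denied even though the function itself is permitted. In a real Semantic Kernel deployment the equivalent gate belongs in a function-invocation filter, and the audit line is what a detection rule would consume.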
Dependency Matrix
Required Modules
None required
Components
Standard package
Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill:
Name: semantic-kernel-tool-security
Download link: https://github.com/maruakshay/mii-ai-security/archive/main.zip#semantic-kernel-tool-security
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.