← all posts
Data Deletion

When a PDF Task Becomes a File Deletion

A routine PDF rotation can trigger a file deletion when a tool instruction is malicious, compromised, or simply too powerful for the workflow.

A user asks an AI agent to rotate a PDF.

That sounds harmless. It is the kind of small workflow enterprises want agents to automate.

But in this scenario, the tool carries an extra instruction the user never gave: delete a file after completing the rotation.

The deletion might be malicious. It might come from a compromised tool. It might come from an overly broad workflow instruction. In some environments, it might even be a legitimate cleanup step.

The point is that the runtime needs to know the difference.

The Problem

Agents do not only generate text. They invoke tools.

Those tools can touch files, documents, records, tickets, storage buckets, internal systems, and production data. When a tool performs a deletion, the action can be irreversible or difficult to investigate later.

If the user asked to rotate a PDF, should the agent be allowed to delete another file?

Maybe the answer is no.

Maybe the answer is yes, but only inside a temporary workspace.

Maybe the answer is yes, but only after approval because the target is production data.

Without runtime governance, the system has no reliable place to make that decision before the action executes.

Why File Deletion Is a Governance Issue

A file deletion can be small, but the pattern is large.

The same class of action can apply to:

Some deletion actions are normal. Some are suspicious. Some are dangerous.

That distinction depends on identity, context, scope, environment, and policy.

How AGP Handles High-Risk Deletion

AGP sits between agents and tools.

When an agent attempts a risky deletion, AGP can evaluate the action before execution:

Low-risk cleanup can proceed under policy. High-risk deletion can be held for approval. Suspicious deletion can be denied.

Govern Actions, Not Just Prompts

The PDF rotation example is intentionally simple.

That is why it matters.

If a routine document task can turn into an unauthorized deletion, enterprise AI systems need controls in the execution path.

AGP provides that control point so risky data operations can be governed before they happen.

AGP is free to use and self-hosted — put it between your agents and your systems.