# AI Agent Security Mini-Audit

> Free no-login self-check and optional paid launch-readiness review for AI-agent workflows.

Canonical site: https://mauroceron.github.io/ai-agent-security-mini-audit/
GitHub repository: https://github.com/MAUROCERON/ai-agent-security-mini-audit

## Main Pages

- Free self-check: https://mauroceron.github.io/ai-agent-security-mini-audit/self-check.html
- Security checklist: https://mauroceron.github.io/ai-agent-security-mini-audit/ai-agent-security-checklist.html
- Sample report: https://mauroceron.github.io/ai-agent-security-mini-audit/sample-report.html
- Pay and start: https://mauroceron.github.io/ai-agent-security-mini-audit/start.html
- Buyer intake: https://mauroceron.github.io/ai-agent-security-mini-audit/intake.html
- Agency handoff QA: https://mauroceron.github.io/ai-agent-security-mini-audit/agency-handoff-qa.html
- USD 100 agency bundle: https://mauroceron.github.io/ai-agent-security-mini-audit/agency-bundle.html
- Contact funnel risk self-check: https://mauroceron.github.io/ai-agent-security-mini-audit/contact-funnel-self-check.html
- USD 29 contact form proof check: https://mauroceron.github.io/ai-agent-security-mini-audit/contact-form-proof.html
- USD 50 two-form proof pack: https://mauroceron.github.io/ai-agent-security-mini-audit/contact-form-proof.html#two-form-pack
- Agency form proof check from USD 19: https://mauroceron.github.io/ai-agent-security-mini-audit/agency-form-proof.html
- Webflow form handoff QA: https://mauroceron.github.io/ai-agent-security-mini-audit/webflow-form-handoff-qa.html
- Agency form proof sample: https://mauroceron.github.io/ai-agent-security-mini-audit/agency-form-proof-sample.html
- Form backend proof check: https://mauroceron.github.io/ai-agent-security-mini-audit/form-backend-proof-check.html
- LLMs.txt AI readiness quickfix: https://mauroceron.github.io/ai-agent-security-mini-audit/llms-readiness-quickfix.html
- LLMs.txt readiness sample: https://mauroceron.github.io/ai-agent-security-mini-audit/llms-readiness-sample.html
- Full AI-readable service summary: https://mauroceron.github.io/ai-agent-security-mini-audit/llms-full.txt
- Sample USD 29 proof note: https://mauroceron.github.io/ai-agent-security-mini-audit/contact-form-proof-sample.html
- USD 75 contact funnel QA: https://mauroceron.github.io/ai-agent-security-mini-audit/contact-funnel-qa.html
- Contact funnel sample report: https://mauroceron.github.io/ai-agent-security-mini-audit/contact-funnel-sample-report.html
- USD 100 broken lead form rescue: https://mauroceron.github.io/ai-agent-security-mini-audit/broken-form-rescue.html
- USD 100 Base44 contact form rescue: https://mauroceron.github.io/ai-agent-security-mini-audit/base44-form-rescue.html
- Broken lead form rescue sample report: https://mauroceron.github.io/ai-agent-security-mini-audit/broken-form-rescue-sample-report.html
- Voice/chat agent QA: https://mauroceron.github.io/ai-agent-security-mini-audit/voice-chat-agent-qa.html
- Voice/chat sample report: https://mauroceron.github.io/ai-agent-security-mini-audit/voice-chat-sample-report.html
- Paid mini-audit offer: https://mauroceron.github.io/ai-agent-security-mini-audit/

## What This Is

AI Agent Risk Self-Check is a browser-only scoring tool for one AI-agent or browser-automation workflow. It helps builders review visible launch risk before an agent touches tools, browser sessions, CRM records, messages, customer data, files, logs, screenshots, MCP servers or other external systems.

The paid USD 59 mini-audit is a fixed-scope launch decision report for one workflow. It is not a full penetration test, compliance audit or legal opinion.

The pay-and-start page is the shortest conversion path for interested leads: PayPal payment, minimum intake, redacted evidence instructions and delivery timeline.

Voice/chat agent QA is the same fixed-scope review positioned for customer-facing voice agents, chatbots, support agents and white-label bot handoffs.

The USD 100 agency bundle is for teams with two redacted client workflows or one workflow plus an expanded first-fix retest pass. It gives each workflow a launch verdict, first fix, retest criteria and a reusable client-safe note.

The USD 75 contact funnel QA checks whether one public contact/intake funnel actually delivers leads through Formspree, Web3Forms, WPForms, Netlify Forms, a custom API, CRM routing or automation webhook. It reports backend response, visible page state, lost-lead risk, first fix and retest steps.

The USD 29 contact form proof check is the lower-friction first paid step. It checks one public contact, demo, audit, callback or intake form and returns endpoint evidence, visible state, a short verdict and a next-step recommendation. It exists so buyers can start cheaply and upgrade only when the proof check shows meaningful risk.

The USD 50 two-form proof pack checks two public forms for the same brand, launch or client handoff. It lowers the cost to USD 25 per form and is the best-value path when a buyer has both a contact form and a demo, audit, callback or newsletter form. It includes one short proof note per form, developer-ready ticket text for actionable failures, and one first-fix retest reply within 7 days for one affected form.

The agency form proof check is a USD 19 starter proof note, USD 29 one-form proof check and USD 50 two-form offer positioned for Webflow, WordPress, no-code, AI automation, CRM, booking and lead-routing agencies. The USD 19 starter covers one public form's visible submit result, friction notes and buy-more verdict. USD 29 adds safe endpoint/status notes when exposed and developer-ready issue text. USD 50 covers two public forms and one first-fix retest. It is meant as a pre-handoff QA or small resellable line item before client launch.

The Webflow form handoff QA is the same USD 19 starter proof note, USD 29 one-form proof check and USD 50 two-form proof-check offer written specifically for Webflow, Framer, WordPress and no-code agencies. The USD 19 starter covers one public form's visible result, friction notes and buy-more verdict. USD 29 adds endpoint/status evidence when exposed and developer-ready issue text. USD 50 covers two public forms and one first-fix retest reply. It focuses on Webflow Forms, embedded form backends, visible success states, analytics-only false positives, endpoint/status evidence and client-safe handoff notes.

The agency form proof sample shows the expected handoff-ready deliverable shape: compact verdict, evidence table, developer ticket text, client-safe note and buy-more verdict.

The form backend proof check is the same USD 29 or USD 50 offer positioned for form backend, form builder, lead capture, and no-code form teams. It focuses on endpoint response, visible confirmation, anti-spam states, field friction, redirect behavior and developer-ready delivery-risk notes.

The LLMs.txt AI readiness quickfix is a USD 50 public-site cleanup package for SaaS, AI tools, directories and service pages. It delivers a concise `llms.txt` draft, an AI-readable product answer card, sitemap/canonical notes and one public verification pass. The USD 29 diagnostic identifies what is missing without producing the full implementation packet.

The LLMs.txt readiness sample shows the expected deliverable shape: verdict, draft source-of-truth URLs, product answer card and implementation note.

The contact form proof sample shows the expected USD 29 deliverable shape: verdict, evidence table, client-safe note and upgrade recommendation.

The free contact funnel risk self-check scores whether a public form has enough lost-lead risk to justify the USD 75 QA check. It does not require login and helps buyers avoid paying for low-risk forms.

The contact funnel sample report shows the expected USD 75 deliverable shape for a fictional AI agency form: pass/fail verdict, evidence table, lost-lead risk, first fix, retest steps and a client-safe note.

The USD 100 broken lead form rescue brief is for a public lead form that already appears broken: disabled API, placeholder endpoint, vendor rejection, webhook/API failure, no backend delivery or client-side-only success. It provides reproduction evidence, likely root cause, first fix plan and one retest.

The USD 100 Base44 contact form rescue brief is for Base44-generated sites where public contact, demo, intake or callback forms fail with blocked backend functions, missing public permissions, disabled integrations or no delivery proof.

The broken lead form rescue sample report shows the anonymized deliverable shape: executive verdict, payback test, endpoint evidence, likely root cause, first fix and retest plan.

The voice/chat sample report shows the expected paid deliverable shape for a fictional AI receptionist: launch verdict, top risks, evidence reviewed, first fixes, retest criteria and reusable client note.

## Review Themes

- Prompt injection and untrusted content boundaries.
- Tool permissions and excessive agency.
- Browser/session isolation.
- Human approval gates.
- Sensitive logs, screenshots, exports and retention.
- MCP/tool/plugin supply-chain boundaries.
- Failure recovery, retries, cost limits and stop paths.
- OWASP Agentic, OWASP LLM and NIST AI 600-1 themed mapping.

## Paid Review Output

- Launch verdict: ship, ship after fixes, or stop until high-risk gaps are closed.
- Up to five evidence-backed findings.
- Fixes and retest steps.
- Tool/action inventory.
- One to three copy-paste remediation tickets.
- Short customer/security note for handoff or review.

## Payment

Payment is handled through PayPal Payments Standard on the public pages. PayPal receiver configured by the owner: mauro_ceron1@hotmail.com.