evaluator: excessive-agency scope creep (multi-agent)

[achuvyas-kv]

Area

Agent Evaluators (evaluators/agent/)

Problem or motivation

In multi-agent systems, one sub-agent may exceed its designated scope by calling tools reserved for another role or performing unauthorized actions.

Proposed solution

Add evaluator under evaluators/agent/multi-agent/ that:

• Tests if agents respect their role boundaries
• Covers tool access boundaries and privilege escalation

Acceptance criteria

• Evaluator YAML file created with pass/fail criteria
• Patterns cover cross-role tool invocation attempts
• Maps to OWASP Agentic security standards

Alternatives considered

No response