Skip to content

docs: add Identity Propagation & Context section (#2041)#2049

Open
Tryingtobeabetterprogrammer wants to merge 3 commits intoOWASP:masterfrom
Tryingtobeabetterprogrammer:feat-agent-context-propagation
Open

docs: add Identity Propagation & Context section (#2041)#2049
Tryingtobeabetterprogrammer wants to merge 3 commits intoOWASP:masterfrom
Tryingtobeabetterprogrammer:feat-agent-context-propagation

Conversation

@Tryingtobeabetterprogrammer
Copy link
Copy Markdown

@Tryingtobeabetterprogrammer Tryingtobeabetterprogrammer commented Mar 3, 2026
edited by mackowski
Loading

You're A Rockstar

Thank you for submitting a Pull Request (PR) to the Cheat Sheet Series.

🚩 If your PR is related to grammar/typo mistakes, please double-check the file for other mistakes in order to fix all the issues in the current cheat sheet.

Please make sure that for your contribution:

  • In case of a new Cheat Sheet, you have used the Cheat Sheet template.
  • All the markdown files do not raise any validation policy violation, see the policy.
  • All the markdown files follow these format rules.
  • All your assets are stored in the assets folder.
  • All the images used are in the PNG format.
  • Any references to websites have been formatted as [TEXT](URL)
  • You verified/tested the effectiveness of your contribution (e.g., the defensive code proposed is really an effective remediation? Please verify it works!).
  • The CI build of your PR pass, see the build status here.

If your PR is related to an issue, please finish your PR text with the following line:

This PR fixes issue #2041.

AI Tool Usage Disclosure (required for all PRs)

Please select one of the following options:

  • I have NOT used any AI tool to generate the contents of this PR.
  • I have used AI tools to generate the contents of this PR. I have verified
    the contents and I affirm the results. The LLM used is [Gemini 3 Flash]
    and the prompt used is [Collaborative development of Section 9: Identity Propagation for AI Agent Security]. [Feel free to add more details if needed]

Thank you again for your contribution 😃

@Tryingtobeabetterprogrammer
docs: add Section 9 for Identity Propagation and Context
59604a2 
Adds technical guidance on propagating user identity (JWT) to backend tools to prevent privilege escalation in AI agents. Closes OWASP#2041.
@Tryingtobeabetterprogrammer
docs: add Section 9 for Identity Propagation and Context
4635666 
Adds technical guidance on propagating user identity (JWT) to backend tools to prevent privilege escalation in AI agents. Closes OWASP#2041.
jmanico
jmanico previously approved these changes Mar 4, 2026
View reviewed changes
@Tryingtobeabetterprogrammer
Copy link
Copy Markdown
Author

Tryingtobeabetterprogrammer commented Mar 4, 2026

Hi @jmanico and team, thank you for the initial approval! I've completed the checklist for Section 9. Could a maintainer please approve and run the CI workflows so I can verify the build status?

@jmanico
Copy link
Copy Markdown
Member

jmanico commented Mar 4, 2026

Please be patient with us, there was only one review done so far and I want to make sure one of the other committers reviews this. It may take some time, but it's in the queue.

@jmanico
Copy link
Copy Markdown
Member

jmanico commented Mar 4, 2026

Also, there are some linting errors:

  • cheatsheets/AI_Agent_Security_Cheat_Sheet.md:662 MD031/blanks-around-fences Fenced code blocks should be surrounded by blank lines [Context: "```"]
  • cheatsheets/AI_Agent_Security_Cheat_Sheet.md:663 MD022/blanks-around-headings Headings should be surrounded by blank lines [Expected: 1; Actual: 0; Above] [Context: "### 9. Identity Propagation & Context"]
  • cheatsheets/AI_Agent_Security_Cheat_Sheet.md:665:36 MD009/no-trailing-spaces Trailing spaces [Expected: 0 or 2; Actual: 1]
  • cheatsheets/AI_Agent_Security_Cheat_Sheet.md:667:26 MD009/no-trailing-spaces Trailing spaces [Expected: 0 or 2; Actual: 1]
  • cheatsheets/AI_Agent_Security_Cheat_Sheet.md:669:25 MD009/no-trailing-spaces Trailing spaces [Expected: 0 or 2; Actual: 1]
  • cheatsheets/AI_Agent_Security_Cheat_Sheet.md:676 MD031/blanks-around-fences Fenced code blocks should be surrounded by blank lines [Context: "```Python"]
  • cheatsheets/AI_Agent_Security_Cheat_Sheet.md:690 MD012/no-multiple-blanks Multiple consecutive blank lines [Expected: 1; Actual: 2]

@Tryingtobeabetterprogrammer
docs: fix formatting and spacing in Section 9
10748e7 
Cleaned up Markdown formatting in Section 9 to satisfy CI requirements. Specifically addressed MD009 trailing spaces on bullet points and MD031/MD022 spacing around headings and Python code blocks.
@Tryingtobeabetterprogrammer
Copy link
Copy Markdown
Author

Tryingtobeabetterprogrammer commented Mar 4, 2026

Hi @jmanico, I have updated the pull request to resolve the linting errors from your feedback:

  • MD009: Removed trailing spaces from the bullet points.

  • MD022 & MD031: Added blank line buffers around headings and code blocks to ensure proper fencing.

  • MD012: Removed consecutive blank lines to clean up the file structure.

The CI checks should be green now. Thank you for the guidance!

@mackowski
Copy link
Copy Markdown
Collaborator

mackowski commented Mar 15, 2026

@Tryingtobeabetterprogrammer there are more linter errors, please fix them and we can merge this :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mackowski mackowski mackowski approved these changes

@jmanico jmanico jmanico left review comments

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Tryingtobeabetterprogrammer @jmanico @mackowski