We Scanned 16 AI Agent Repos. 76% of Tool Calls Had Zero Guards

`We scanned 16 open-source AI agent repositories - both agent frameworks (CrewAI, PraisonAI) and production agent applications (Skyvern, Dify, Khoj, and others) that ship real business logic. 76% of tool calls with real-world side effects had zero protective checks. No rate limits. No input validation. No confirmation steps. No auth checks. An important nuance: you'd expect framework code to lack guards - it's template code, and adding guards is the implementor's job. But the same pattern holds in production agent applications with real business logic.