DEV Community

Dockfix Labs
Dockfix Labs

Posted on

AgentGuard Catches 8 Vulnerabilities in GitHub Code Scanning

AgentGuard Catches 8 Vulnerabilities in GitHub Code Scanning

We set up a demo repo with vulnerable AI agent code. AgentGuard scanned it in CI and pushed 8 findings directly into GitHub's Security tab.

The Setup

A simple repo with two files:

  • safe_agent.py -- clean code, no issues
  • vulnerable_agent.py -- contains prompt injection, shell access, data exfiltration, and a hardcoded API key

A GitHub Actions workflow runs AgentGuard on every push:

- uses: dockfixlabs/agentguard@v1
  with:
    path: .
    format: sarif
    min-severity: HIGH
    fail-on-finding: false
- uses: github/codeql-action/upload-sarif@v3
  with:
    sarif_file: agentguard-results.sarif
Enter fullscreen mode Exit fullscreen mode

The Results

8 alerts appeared in the GitHub Security tab:

  1. ASI01-PROMPT-INJECTION -- User input in f-string prompt (CRITICAL)
  2. ASI01-TAINT-TRACK -- AST-traced source-to-sink data flow (CRITICAL)
  3. ASI02-TOOL-ABUSE -- os.system exposed to agent (CRITICAL)
  4. ASI02-TOOL-ABUSE -- subprocess with shell=True (CRITICAL)
  5. ASI06-UNSAFE-EVAL -- os.system eval (CRITICAL)
  6. ASI06-UNSAFE-EVAL -- subprocess eval (CRITICAL)
  7. ASI03-DATA-EXFIL -- POST to external URL (HIGH)
  8. ASI07-CREDENTIAL-LEAK -- Hardcoded API key (CRITICAL)

All 8 are on vulnerable_agent.py. The safe file had zero findings.

Why This Matters

Most security scanners output to a file that nobody reads. AgentGuard pushes findings directly into GitHub's native Security tab -- the same place where CodeQL and Dependabot alerts appear.

This means:

  • Developers see alerts inline in their PRs
  • Security teams can track and manage findings in one place
  • No new tool to learn -- it is all in GitHub

Try the Demo

The repo is public: dockfixlabs/agentguard-demo

Look at the Security tab to see the alerts. Look at the Actions tab to see the scan. Fork it and try yourself.

Add It to Your Repo

# .github/workflows/security.yml
name: Security Scan
on: [pull_request]
jobs:
  scan:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write
    steps:
      - uses: actions/checkout@v4
      - uses: dockfixlabs/agentguard@v1
        with:
          format: sarif
          fail-on-finding: false
      - uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: agentguard-results.sarif
Enter fullscreen mode Exit fullscreen mode

That is it. 15 lines of YAML. OWASP ASI Top 10 coverage. Findings in GitHub Security tab.


AgentGuard is MIT-licensed. GitHub | PyPI | Demo

Top comments (0)