AgentGuard Catches 8 Vulnerabilities in GitHub Code Scanning
We set up a demo repo with vulnerable AI agent code. AgentGuard scanned it in CI and pushed 8 findings directly into GitHub's Security tab.
The Setup
A simple repo with two files:
- safe_agent.py -- clean code, no issues
- vulnerable_agent.py -- contains prompt injection, shell access, data exfiltration, and a hardcoded API key
A GitHub Actions workflow runs AgentGuard on every push:
```yaml
- uses: dockfixlabs/agentguard@v1
  with:
    path: .
    format: sarif
    min-severity: HIGH
    fail-on-finding: false
- uses: github/codeql-action/upload-sarif@v3
  with:
    sarif_file: agentguard-results.sarif
```
The Results
8 alerts appeared in the GitHub Security tab:
- ASI01-PROMPT-INJECTION -- User input in f-string prompt (CRITICAL)
- ASI01-TAINT-TRACK -- AST-traced source-to-sink data flow (CRITICAL)
- ASI02-TOOL-ABUSE -- os.system exposed to agent (CRITICAL)
- ASI02-TOOL-ABUSE -- subprocess with shell=True (CRITICAL)
- ASI06-UNSAFE-EVAL -- os.system eval (CRITICAL)
- ASI06-UNSAFE-EVAL -- subprocess eval (CRITICAL)
- ASI03-DATA-EXFIL -- POST to external URL (HIGH)
- ASI07-CREDENTIAL-LEAK -- Hardcoded API key (CRITICAL)
All 8 are in vulnerable_agent.py. The safe file had zero findings.
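For each finding class in that list there is a standard fix: prompt injection (ASI01) is contained by keeping user text out of the instruction channel, tool abuse and unsafe eval (ASI02/ASI06) by replacing os.system and shell=True with an allowlisted argv, data exfiltration (ASI03) by an outbound host allowlist, and credential leaks (ASI07) by reading the key from the environment. The block below is an added example of those hardened forms; it is not code from the dockfixlabs/agentguard-demo repo or from AgentGuard, and the function names, the two allowlists and the AGENT_API_KEY variable name are assumptions made for illustration.

```python
"""Hardened counterparts to the finding classes listed above.

Added example, not code from the demo repo or from AgentGuard. Function
names, the allowlists and the AGENT_API_KEY variable name are assumptions.
"""
import os
import subprocess
from typing import Optional
from urllib.parse import urlparse

# ASI01: the user text is carried in its own message with a fixed role rather
# than interpolated into the system prompt with an f-string, and it is
# length-capped so it cannot crowd the instructions out of the context.
SYSTEM_PROMPT = "You are a support assistant. Answer only from the ticket text."
MAX_USER_CHARS = 4000


def build_prompt(user_text: str) -> list:
    return [
        {"role": "system", "content": SYSTEM_PROMPT},
        {"role": "user", "content": user_text[:MAX_USER_CHARS]},
    ]


# ASI02 / ASI06: no os.system, no shell=True, no eval. The agent may only
# request a fixed table of binaries, always run as an argument list so that
# nothing it supplies is ever parsed by a shell.
ALLOWED_TOOLS = {
    "list_dir": ["ls", "-la"],
    "disk_usage": ["df", "-h"],
}


def tool_argv(name: str, extra_args: Optional[list] = None) -> list:
    """Build argv for an allowlisted tool; reject option-like, empty or
    path-escaping arguments instead of returning a partial list."""
    if name not in ALLOWED_TOOLS:
        raise PermissionError(f"tool {name!r} is not allowlisted")
    argv = list(ALLOWED_TOOLS[name])
    for arg in extra_args or []:
        if not arg or arg.startswith("-") or ".." in arg or "/" in arg:
            raise ValueError(f"rejected argument {arg!r}")
        argv.append(arg)
    return argv


def run_tool(name: str, extra_args: Optional[list] = None) -> str:
    argv = tool_argv(name, extra_args)
    # shell=False is already the default; written out because it is the point.
    proc = subprocess.run(argv, shell=False, capture_output=True, text=True,
                          check=True, timeout=30)
    return proc.stdout


# ASI03: outbound calls go only to known hosts, and only over TLS.
ALLOWED_HOSTS = {"api.example.internal"}


def check_outbound(url: str) -> bool:
    """True if the agent may send data to this URL, False otherwise."""
    parsed = urlparse(url)
    return parsed.scheme == "https" and parsed.hostname in ALLOWED_HOSTS


# ASI07: the key is read from the environment (or an injected mapping for
# tests), never written into source where a scanner or a git history finds it.
def load_api_key(env: Optional[dict] = None) -> str:
    env = os.environ if env is None else env
    key = env.get("AGENT_API_KEY")
    if not key:
        raise RuntimeError("AGENT_API_KEY is not set")
    return key
```

The scanner's job is to flag the pattern; the useful follow-up is that every tool call has to pass through tool_argv and every outbound request through check_outbound, so there is a single place to audit rather than a search for shell=True across the codebase.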
Why This Matters
Most security scanners output to a file that nobody reads. AgentGuard pushes findings directly into GitHub's native Security tab -- the same place where CodeQL and Dependabot alerts appear.
This means:
- Developers see alerts inline in their PRs
- Security teams can track and manage findings in one place
- No new tool to learn -- it is all in GitHub
Try the Demo
The repo is public: dockfixlabs/agentguard-demo
Look at the Security tab to see the alerts. Look at the Actions tab to see the scan. Fork it and try yourself.
Add It to Your Repo
```yaml
# .github/workflows/security.yml
name: Security Scan
on: [pull_request]
jobs:
  scan:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write
    steps:
      - uses: actions/checkout@v4
      - uses: dockfixlabs/agentguard@v1
        with:
          format: sarif
          fail-on-finding: false
      - uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: agentguard-results.sarif
```
That is it. 15 lines of YAML. OWASP ASI Top 10 coverage. Findings in GitHub Security tab.
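What the upload step hands to GitHub is a SARIF 2.1.0 document, and the same file is what you would read back if you wanted a gate that is stricter than the action's own min-severity / fail-on-finding inputs, for example to block a merge while the upload still runs. The script below is an added example, not AgentGuard's code: it summarises a SARIF file by severity and file and applies the two gating inputs. SAMPLE_SARIF is hand-constructed for the example, with rule IDs and messages taken from the results list above and made-up line numbers; severity is read from GitHub's security-severity rule property (the score the Security tab uses: 9.0 and above is critical, 7.0 to 8.9 high, 4.0 to 6.9 medium, lower is low), falling back to the SARIF level when a rule carries no score. How AgentGuard itself interprets min-severity and fail-on-finding is not described in the post; the gate here is an assumption about their meaning.

```python
"""Summarise a SARIF file and apply min-severity / fail-on-finding gating.

Added example, not AgentGuard's code. SAMPLE_SARIF is constructed for this
illustration; its line numbers are made up.
"""
import json
from collections import Counter
from typing import Optional

SEVERITY_ORDER = ["LOW", "MEDIUM", "HIGH", "CRITICAL"]
# Used only when a rule has no security-severity score.
LEVEL_FALLBACK = {"error": "HIGH", "warning": "MEDIUM", "note": "LOW", "none": "LOW"}


def _result(rule_id: str, text: str, line: int) -> dict:
    """One SARIF result pointing at vulnerable_agent.py (constructed sample)."""
    return {
        "ruleId": rule_id,
        "level": "error",
        "message": {"text": text},
        "locations": [{"physicalLocation": {
            "artifactLocation": {"uri": "vulnerable_agent.py"},
            "region": {"startLine": line},
        }}],
    }


SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "agentguard", "rules": [
            {"id": "ASI01-PROMPT-INJECTION", "properties": {"security-severity": "9.5"}},
            {"id": "ASI02-TOOL-ABUSE", "properties": {"security-severity": "9.0"}},
            {"id": "ASI03-DATA-EXFIL", "properties": {"security-severity": "7.5"}},
            {"id": "ASI07-CREDENTIAL-LEAK", "properties": {"security-severity": "9.1"}},
        ]}},
        "results": [
            _result("ASI01-PROMPT-INJECTION", "User input in f-string prompt", 12),
            _result("ASI02-TOOL-ABUSE", "subprocess with shell=True", 27),
            _result("ASI03-DATA-EXFIL", "POST to external URL", 41),
            _result("ASI07-CREDENTIAL-LEAK", "Hardcoded API key", 5),
        ],
    }],
})


def severity_of(score: Optional[str], level: str) -> str:
    """Map GitHub's security-severity score to a label; fall back to level."""
    if score is None:
        return LEVEL_FALLBACK.get(level, "LOW")
    value = float(score)
    if value >= 9.0:
        return "CRITICAL"
    if value >= 7.0:
        return "HIGH"
    if value >= 4.0:
        return "MEDIUM"
    return "LOW"


def summarise(sarif_text: str) -> dict:
    doc = json.loads(sarif_text)
    findings = []
    for run in doc.get("runs", []):
        rules = {r["id"]: r for r in run.get("tool", {}).get("driver", {}).get("rules", [])}
        for res in run.get("results", []):
            rule = rules.get(res.get("ruleId"), {})
            score = rule.get("properties", {}).get("security-severity")
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            findings.append({
                "rule": res.get("ruleId"),
                # SARIF defaults level to "warning" when it is absent.
                "severity": severity_of(score, res.get("level", "warning")),
                "file": loc.get("artifactLocation", {}).get("uri"),
                "line": loc.get("region", {}).get("startLine"),
                "message": res.get("message", {}).get("text", ""),
            })
    return {
        "count": len(findings),
        "by_severity": Counter(f["severity"] for f in findings),
        "by_file": Counter(f["file"] for f in findings),
        "findings": findings,
    }


def should_fail(summary: dict, min_severity: str = "HIGH", fail_on_finding: bool = True) -> bool:
    """Fail only when gating is enabled and a finding is at or above the threshold."""
    if not fail_on_finding:
        return False
    threshold = SEVERITY_ORDER.index(min_severity.upper())
    return any(SEVERITY_ORDER.index(f["severity"]) >= threshold for f in summary["findings"])


if __name__ == "__main__":
    s = summarise(SAMPLE_SARIF)
    for f in s["findings"]:
        print(f"{f['severity']:<8} {f['rule']:<24} {f['file']}:{f['line']}  {f['message']}")
    print("fail job:", should_fail(s, "HIGH", fail_on_finding=False))
```

Run it against agentguard-results.sarif by swapping SAMPLE_SARIF for the file contents; with fail-on-finding left at false, as in the workflow above, should_fail returns False and the job stays green while the alerts still land in the Security tab.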