DEV Community

Dockfix Labs

Secure Your AI Agents in CI/CD: AgentGuard GitHub Action is Live

You can now scan your AI agent code for security vulnerabilities on every pull request. No configuration needed.

The Problem

AI agents have tools. Tools have access. Access means attack surface.

When you build an agent that can call os.system, read files, or make HTTP requests, you are creating a path from "user input" to "code execution". If an attacker can influence the agent's prompt, they can use that path.

This is not theoretical. It is how every prompt injection attack works.

The Solution

Add AgentGuard to your GitHub Actions workflow:

name: Security Scan
on: [pull_request]

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: dockfixlabs/agentguard@v1
        with:
          path: .
          format: sarif
          min-severity: HIGH

That is it. Every PR gets scanned for:

  • Prompt injection (AST taint tracking, not just regex)
  • Tool abuse (shell access, eval, subprocess with shell=True)
  • Data exfiltration (external URLs, websocket, DNS exfil)
  • Credential exposure (API keys, AWS credentials, private keys)
  • Agent loop exploitation (infinite loops, unbounded recursion)
  • Trust boundary violations (self-modification, host filesystem access)
  • Insecure output handling (LLM output in innerHTML, document.write)
  • Supply chain risks (dynamic imports, unpinned dependencies)
  • Context manipulation (unbounded context, token limits)
  • Excessive agency (sudo/chmod, auto-execute without confirmation)

All ten categories of the OWASP ASI Top 10. In your CI. On every PR.
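As an added illustration of what "AST taint tracking, not just regex" means for the tool-abuse and prompt-injection checks listed above (example code written for this post, not AgentGuard's implementation): a minimal Python detector that walks the AST, picks out os.system and shell=True subprocess calls, and reports whether the command argument derives from a function parameter, so a constant command or a list-form subprocess call is not flagged. The sample agent tool code it scans is constructed.

```python
import ast

SHELL_SINKS = {"os.system", "subprocess.run", "subprocess.call", "subprocess.Popen"}

def _dotted(node):
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    return ".".join(reversed(parts + [node.id])) if isinstance(node, ast.Name) else None

def _names(node):
    return {n.id for n in ast.walk(node) if isinstance(n, ast.Name)}

def _tainted_names(func):
    # Parameters are the taint sources; a local assigned from a tainted value is tainted too.
    tainted = {a.arg for a in func.args.args}
    for stmt in ast.walk(func):
        if isinstance(stmt, ast.Assign) and _names(stmt.value) & tainted:
            tainted |= {t.id for t in stmt.targets if isinstance(t, ast.Name)}
    return tainted

def find_shell_sinks(source):
    # Returns (lineno, sink, argument_is_tainted) for every shell-capable call.
    findings = []
    for func in (n for n in ast.walk(ast.parse(source)) if isinstance(n, ast.FunctionDef)):
        tainted = _tainted_names(func)
        for call in ast.walk(func):
            name = _dotted(call.func) if isinstance(call, ast.Call) else None
            if name not in SHELL_SINKS:
                continue
            shell = any(k.arg == "shell" and getattr(k.value, "value", None) is True for k in call.keywords)
            if name.startswith("subprocess.") and not shell:
                continue  # list-form subprocess call without a shell is not a shell sink
            args = set().union(*(_names(a) for a in call.args))
            findings.append((call.lineno, name, bool(args & tainted)))
    return findings

# Constructed sample agent tool code, not taken from LangChain or the post.
SAMPLE = '''import os, subprocess
def run_tool(command):
    os.system(command)
def safe_ls(path):
    subprocess.run(["ls", path])
def risky(user_prompt):
    cmd = "echo " + user_prompt
    subprocess.run(cmd, shell=True)
def fixed():
    os.system("date")
'''
```

Running find_shell_sinks(SAMPLE) reports run_tool and risky with tainted arguments and fixed with a constant one, while safe_ls is not reported at all.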

What It Catches

We scanned LangChain (1,784 files) with AgentGuard. Results:

  • 86 CRITICAL findings
  • 249 HIGH findings
  • 45 MEDIUM findings

Including: shell tools exposed to agents, self-modifying code, tainted data flowing into LLM prompts, and privilege escalation paths.

Full report: Scanning LangChain with AgentGuard

Installation Options

GitHub Action (CI/CD)

- uses: dockfixlabs/agentguard@v1

CLI (local)

pip install dfx-agentguard
agentguard . --format text

Pre-commit hook

repos:
  - repo: https://github.com/dockfixlabs/agentguard
    rev: v0.5.4
    hooks:
      - id: agentguard

MCP Server (for Claude Code / Cursor)

AgentGuard runs as an MCP server. Point your MCP config at it and get real-time security feedback while you code.

Open Source

MIT licensed. No signup. No API key. No cloud.

The code is on GitHub. The package is on PyPI. The benchmark is open. The tests are open.

If you build AI agents, you need this in your pipeline.


AgentGuard v0.5.4 covers all 10 OWASP ASI Top 10 categories with AST-based taint tracking for Python and JavaScript/TypeScript. 50 tests, 15/15 adversarial attacks detected, 0 false positives.