Secure Your AI Agents in CI/CD: AgentGuard GitHub Action is Live
You can now scan your AI agent code for security vulnerabilities on every pull request. No configuration needed.
The Problem
AI agents have tools. Tools have access. Access means attack surface.
When you build an agent that can call os.system, read files, or make HTTP requests, you are creating a path from "user input" to "code execution": the model decides what arguments the tool receives, and anything that reaches the model's context (a user message, a fetched web page, a file it was asked to summarize) can steer that decision. If an attacker can influence the agent's prompt, they can use that path.
This is not theoretical. It is how prompt injection turns from a model saying something odd into an attacker running commands or moving data out: the injected text is exactly as dangerous as the tools the agent can reach with it.
The Solution
Add AgentGuard to your GitHub Actions workflow:
```yaml
name: Security Scan
on: [pull_request]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: dockfixlabs/agentguard@v1
        with:
          path: .
          format: sarif
          min-severity: HIGH
```
That is it. Every PR gets scanned for:
- Prompt injection (AST taint tracking, not just regex)
- Tool abuse (shell access, eval, subprocess with shell=True)
- Data exfiltration (external URLs, websocket, DNS exfil)
- Credential exposure (API keys, AWS credentials, private keys)
- Agent loop exploitation (infinite loops, unbounded recursion)
- Trust boundary violations (self-modification, host filesystem access)
- Insecure output handling (LLM output in innerHTML, document.write)
- Supply chain risks (dynamic imports, unpinned dependencies)
- Context manipulation (unbounded context, token limits)
- Excessive agency (sudo/chmod, auto-execute without confirmation)
All 10 OWASP ASI Top 10 categories. In your CI. On every PR.
What It Catches
We scanned LangChain (1,784 files) with AgentGuard. Results:
- 86 CRITICAL findings
- 249 HIGH findings
- 45 MEDIUM findings
Including: shell tools exposed to agents, self-modifying code, tainted data flowing into LLM prompts, and privilege escalation paths. Read a finding in a framework's own source for what it is: a capability that is dangerous once wired to model-controlled input (a shell tool, an exec), not a confirmed exploit in any particular deployment. The triage question for your own repository is which of those capabilities your agent actually reaches from untrusted content.
Full report: Scanning LangChain with AgentGuard
Installation Options
GitHub Action (CI/CD)
- uses: dockfixlabs/agentguard@v1
CLI (local)
```bash
pip install dfx-agentguard
agentguard . --format text
```
Pre-commit hook
```yaml
repos:
  - repo: https://github.com/dockfixlabs/agentguard
    rev: v0.5.4
    hooks:
      - id: agentguard
```
MCP Server (for Claude Code / Cursor)
AgentGuard runs as an MCP server. Point your MCP config at it and get real-time security feedback while you code.
Open Source
MIT licensed. No signup. No API key. No cloud.
The code is on GitHub. The package is on PyPI. The benchmark is open. The tests are open.
If you build AI agents, you need this in your pipeline.
AgentGuard v0.5.4 covers all 10 OWASP ASI Top 10 categories with AST-based taint tracking for Python and JavaScript/TypeScript. 50 tests; on its open adversarial benchmark, 15/15 attacks detected with 0 false positives.