Agent Instructions
Finds AGENTS.md, Copilot instructions, custom agents, prompts, and reusable skills.
AI workflow security scanner
Agentic Workflow Guard
Map every place a repository gives AI agents instructions, tools, secrets, or write power, then turn that map into findings, reports, and safer pull request checks.
What It Scans
Automation Paths
Reviews GitHub Actions and other workflow files for unsafe agent execution boundaries.
MCP Trust
Flags unapproved MCP servers, package launches, command tools, and environment exposure.
Reports Built For Adoption
Inventory
--format inventory and inventory-json explain the agentic surface.
Risk Score
--format score gives teams a compact AWI score they can track over time.
Compare
--compare old.json new.json shows introduced and resolved findings between scans.
Copyable Launch Assets
Setup Recipes
Claude Code, Codex, Cursor, Copilot, Cline, and PR comment bot setup paths.
Report Gallery
Commands for SARIF, inventory, score, graph, HTML, migration, compare, and policy reports.
Example Corpus
Unsafe real-world patterns maintainers can scan locally without using a private repo.
Editor POC
Command palette scan and Problems panel diagnostics for VS Code.
Dashboard POC
Local AWI trend dashboard for score, findings, and surface growth.