METHODOLOGY

How the scanner decides risk.

The security verdict is deterministic. Gemini explains results only after rule-based scanning creates findings, severity, scores, patch previews, attack paths, and deployment gate decisions.

Scan architecture

Text-only source analysis pipeline.

No code execution
01
Load source

GitHub ZIP, uploaded ZIP, or demo agent files are read as text only.

02
Run scanners

Rule modules detect agent-specific risks and produce stable finding IDs.

03
Build artifacts

The backend generates Prove Mode paths, patch previews, and a deployment gate decision.

04
Explain safely

Gemini summarizes the deterministic result. It does not decide the verdict.

05
Review report

Frontend shows score, risk panels, findings, patches, DAP, and export actions.

CONTROL

Rule engine owns verdict

Findings, severity, category scores, safety score, attack paths, patch previews, and gate decisions are generated by backend logic.

CONTROL

AI explains only

Gemini writes compact summaries and DAP answers grounded in the report. It does not invent findings or change scores.

CONTROL

Safe by design

GitHub repositories and ZIP files are safely extracted, limited, read as text, and never executed by the scanner.

Risk categories

Six categories, one deployment decision.

Higher risk score is worse
Category
What it checks
Report output
Prompt Injection
Committed prompts, unsafe prompt assembly, raw user input inside agent instructions.
Prompt Injection Risk
Secret Exposure
Hardcoded keys, tokens, JWT secrets, and credential-like source values.
Secret Exposure Risk
Tool Permission
Unscoped tools, dangerous functions, shell/code execution, external actions.
Tool Permission Risk
Human Approval
High-impact actions without confirmation, review, or approval patterns.
Human Approval Risk
Data Exposure
PII-like fields, customer records, and unmasked sensitive outputs.
Data Exposure Risk
Auditability
Missing logging around tool calls, agent decisions, or critical actions.
Auditability Risk
Scoring

Safety score vs category score.

The overall safety score is higher when the agent is safer. Category scores are risk scores, so higher means worse in that specific area.

  • 0–39 category score: lower risk
  • 40–69 category score: watch and review
  • 70–100 category score: fix first
Deployment gate

BLOCK, REVIEW, or ALLOW.

The gate uses safety score, critical findings, secret exposure, unsafe high-impact tools, and missing approval gates to decide if a repo should move forward.

  • BLOCK: unsafe before deployment
  • REVIEW: proceed only after human review
  • ALLOW: no hard blocker detected