GitHub Action for automated security scanning of agent workspaces. Detects exposed secrets, prompt/shell injection, and data exfiltration patterns in PRs and commits.
GitHub Action that scans agent skills for security issues on every PR.
| Scanner | What It Catches |
|---|---|
| sentry | API keys, tokens, passwords, credentials in code |
| bastion | Prompt injection markers, shell injection patterns |
| egress | Suspicious network calls, data exfiltration patterns |
Add to .github/workflows/security.yml: