Agent Security Scanning
Part of Agent Skills™ by googleadsagent.ai™
Description
Agent Security Scanning detects vulnerabilities in AI-generated code before it reaches production. The agent applies OWASP Top 10 for LLM Applications, scans for known CVEs in dependencies, identifies prompt injection vectors, and flags insecure patterns specific to agent-generated code—such as unsanitized dynamic SQL, eval() usage, and unvalidated deserialization.
AI code generators produce code that "works" but frequently contains security vulnerabilities invisible to functional testing. Studies show that AI-generated code contains exploitable vulnerabilities at higher rates than human-written code, particularly in input validation, authentication, and cryptographic operations. This skill applies security analysis specifically calibrated for the patterns that AI agents produce.
The scanning pipeline covers three layers: static analysis of generated code (injection, XSS, SSRF), dependency vulnerability scanning (CVE database matching), and agent-specific threat modeling (prompt injection, tool misuse, data exfiltration through tool calls). Each finding includes a severity rating, CWE classification, and a concrete remediation with code example.
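To make the first layer concrete, here is an added example (not the Agent Security Scanning product's own code) of a minimal AST-based detector for the three agent-specific patterns named above: eval()/exec() usage, unvalidated deserialization (pickle, unsafe yaml.load), and SQL built by string formatting and handed to a cursor's execute method. The CWE identifiers are the standard ones for each weakness class; the severity labels, the scanned sample snippet and all function names are this example's own constructions. It runs on Python source only, which is an assumption about the generated code being reviewed.

```python
"""Tiny static scanner for insecure patterns common in AI-generated Python.
Added example, not the product's code. CWE ids are the standard ones for
each pattern; severities are this example's own choice."""
from __future__ import annotations

import ast
from dataclasses import dataclass
from typing import Optional


@dataclass
class Finding:
    line: int
    cwe: str
    severity: str
    message: str


# Call targets flagged wherever they appear (dotted name -> cwe, severity, message).
DANGEROUS_CALLS = {
    "eval": ("CWE-95", "HIGH", "eval() on possibly attacker-controlled input"),
    "exec": ("CWE-95", "HIGH", "exec() on possibly attacker-controlled input"),
    "pickle.loads": ("CWE-502", "HIGH", "pickle.loads() deserializes untrusted data"),
    "pickle.load": ("CWE-502", "HIGH", "pickle.load() deserializes untrusted data"),
    "marshal.loads": ("CWE-502", "HIGH", "marshal.loads() deserializes untrusted data"),
}
SQL_EXEC_METHODS = {"execute", "executemany", "executescript"}


def _dotted_name(node: ast.expr) -> Optional[str]:
    """Render a call target such as pickle.loads as the string 'pickle.loads'."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _dotted_name(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


def _is_dynamic_string(node: ast.expr) -> bool:
    """Heuristic: f-strings, '%' formatting, .format() calls and '+' concatenation."""
    if isinstance(node, ast.JoinedStr):
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Mod, ast.Add)):
        return True
    return (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format")


def scan_source(source: str) -> list[Finding]:
    """Walk the AST and return findings sorted by line number."""
    findings: list[Finding] = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = _dotted_name(node.func)
        if name in DANGEROUS_CALLS:
            cwe, sev, msg = DANGEROUS_CALLS[name]
            findings.append(Finding(node.lineno, cwe, sev, msg))
        elif name == "yaml.load":
            # Only Loader=yaml.SafeLoader is treated as safe; anything else can
            # instantiate arbitrary Python objects from the document.
            loaders = [_dotted_name(kw.value) for kw in node.keywords if kw.arg == "Loader"]
            if loaders != ["yaml.SafeLoader"]:
                findings.append(Finding(node.lineno, "CWE-502", "HIGH",
                                        "yaml.load() without Loader=yaml.SafeLoader"))
        elif (isinstance(node.func, ast.Attribute) and node.func.attr in SQL_EXEC_METHODS
              and node.args and _is_dynamic_string(node.args[0])):
            findings.append(Finding(node.lineno, "CWE-89", "HIGH",
                                    "SQL built by string formatting; use a parameterised query"))
    return sorted(findings, key=lambda f: f.line)


# Constructed sample of the kind of code an agent might emit; line numbers are
# counted from the first newline after the opening quotes.
SAMPLE_GENERATED_CODE = '''
import pickle, sqlite3
def lookup(conn, user_id, blob, expr):
    cur = conn.cursor()
    cur.execute(f"SELECT * FROM users WHERE id = {user_id}")
    cur.execute("SELECT * FROM users WHERE id = ?", (user_id,))
    obj = pickle.loads(blob)
    return eval(expr)
'''

if __name__ == "__main__":
    for f in scan_source(SAMPLE_GENERATED_CODE):
        print(f"line {f.line}: [{f.severity}] {f.cwe} {f.message}")
```

The parameterised execute on line 6 of the sample is not reported, which is the remediation the scanner's CWE-89 message points at; the detector is deliberately syntactic, so a query assembled into a variable and then executed would need a small data-flow extension to catch.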
Use When
- Reviewing AI-generated code before committing or deploying
- Scanning dependencies for known CVEs after npm install or pip install
- Auditing agent tool call patterns for potential misuse
- Implementing security gates in CI/CD pipelines
- The user requests security review, vulnerability scan, or penetration testing