Skip to content

v0.2.0

Latest

Choose a tag to compare

@gnim81 gnim81 released this 29 May 14:34

Summary

  • Detect pull_request_target workflows that checkout untrusted pull request head code before running an AI agent.
  • Add vulnerable and safe fixtures for the checkout-to-agent pattern.
  • Document the new awi.untrusted-checkout-to-agent rule and add launch copy.

Verification

  • npm run check: 10 test files passed, 33 tests passed, build succeeded.
  • npm audit: 0 vulnerabilities.
  • npm pack --dry-run: awi-scan-0.2.0.tgz, 23 files, no internal docs.
  • node dist/cli.js examples --format human --fail-on none --no-color: 3 findings in 5 workflow files.

Note: npm publish is handled manually by the project owner.