Summary
- Detect pull_request_target workflows that checkout untrusted pull request head code before running an AI agent.
- Add vulnerable and safe fixtures for the checkout-to-agent pattern.
- Document the new awi.untrusted-checkout-to-agent rule and add launch copy.
Verification
- npm run check: 10 test files passed, 33 tests passed, build succeeded.
- npm audit: 0 vulnerabilities.
- npm pack --dry-run: awi-scan-0.2.0.tgz, 23 files, no internal docs.
- node dist/cli.js examples --format human --fail-on none --no-color: 3 findings in 5 workflow files.
Note: npm publish is handled manually by the project owner.