Agent Audit v0.15.1
Security scanner for AI agents and MCP configurations, based on the OWASP Agentic Top 10 (2026)
What It Is
CLI static analysis tool — "ESLint for AI agents". Detects vulnerabilities in LangChain, CrewAI, AutoGen, and MCP server
configurations before they reach production.
Key Stats
┌────────────────┬─────────────────────────────────┐
│ Metric         │ Value                           │
├────────────────┼─────────────────────────────────┤
│ Rules          │ 40 built-in rules               │
├────────────────┼─────────────────────────────────┤
│ OWASP Coverage │ 10/10 ASI categories            │
├────────────────┼─────────────────────────────────┤
│ Output Formats │ Terminal, JSON, SARIF, Markdown │
├────────────────┼─────────────────────────────────┤
│ Python Support │ 3.9, 3.10, 3.11, 3.12           │
└────────────────┴─────────────────────────────────┘
What It Detects
- ASI-01 Goal Hijacking: Prompt injection, missing goal validation
- ASI-02 Tool Misuse: Command injection, SQL injection, unsanitized inputs
- ASI-03 Privilege Abuse: Excessive permissions, long-lived credentials
- ASI-04 Supply Chain: Unverified MCP servers, unpinned dependencies
- ASI-05 Code Execution: Unsandboxed eval/exec, data exfiltration chains
- ASI-06 Memory Poisoning: Unsanitized memory writes, unbounded history
- ASI-07 Inter-Agent Comms: Unencrypted channels
- ASI-08 Cascading Failures: Missing circuit breakers, no error handling
- ASI-09 Trust Exploitation: Missing human approval, impersonation
- ASI-10 Rogue Agents: No kill switch, self-modification risk
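An added illustration of the ASI-02 line above (command injection through unsanitized tool input), not taken from Agent Audit's rules or documentation: a hypothetical agent tool in its unsafe form beside a hardened form. The function names, the `echo` stand-in command and the sample inputs are constructed, and a POSIX shell is assumed.

```python
import re
import subprocess

# Hypothetical agent tool: the model supplies `host` and the tool shells out.
# `echo` stands in for a real network utility so the example runs offline.

def lookup_vulnerable(host: str) -> str:
    # Unsanitized input spliced into a shell line: metacharacters in `host`
    # are interpreted by the shell, so one tool call can run a second command.
    proc = subprocess.run(f"echo lookup {host}", shell=True,
                          capture_output=True, text=True, check=True)
    return proc.stdout

# Allow-list for a hostname: dot-separated labels of letters, digits, hyphens.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")

def lookup_hardened(host: str) -> str:
    # 1) Validate the model-supplied value; refuse anything off the allow-list.
    if len(host) > 253 or not HOSTNAME_RE.fullmatch(host):
        raise ValueError(f"rejected tool argument: {host!r}")
    # 2) Pass an argument vector with no shell, so the value stays one
    #    argument; the allow-list also rules out a leading "-" (option injection).
    proc = subprocess.run(["echo", "lookup", host],
                          capture_output=True, text=True, check=True, timeout=5)
    return proc.stdout

# Constructed inputs: one ordinary value, one carrying a shell separator.
BENIGN = "example.com"
INJECTED = "example.com; echo SECOND-COMMAND-RAN"

def demo() -> dict:
    out = {"vulnerable": lookup_vulnerable(INJECTED),
           "hardened_benign": lookup_hardened(BENIGN)}
    try:
        lookup_hardened(INJECTED)
        out["hardened_injected"] = "accepted"
    except ValueError:
        out["hardened_injected"] = "rejected"
    return out

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value.strip().splitlines())
```
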
Quick Start
pip install agent-audit
agent-audit scan .
agent-audit scan . --format sarif --output results.sarif --fail-on high
Links
- Rule Reference: docs/RULES.md
- CI Integration: docs/CI-INTEGRATION.md
- API Stability: docs/STABILITY.md
- PyPI: https://pypi.org/project/agent-audit/