Protocol: MCP | Production Ready

agent-audit

by HeadyZhang

Static security scanner for LLM agents with OWASP Agentic Top 10 rules

Python
Updated Apr 18, 2026
161 Stars | 16 Forks


Overview

Scans agent code and configurations for security issues such as prompt injection, taint flows, and misconfigured Model Context Protocol (MCP) settings. Implements 49 static rules mapped to the OWASP Agentic Top 10 (2026) to flag risky prompts, leaking contexts, and unsafe delegation patterns. Provides a CLI and integrations with LangChain, CrewAI, and AutoGen so the checks can be added to CI pipelines and pre-deployment gates.

Key Benefits

As agents delegate tasks and communicate across services, static vulnerabilities in prompts and configs become systemic risks to multi-agent trust. Agent-audit gives teams an automated way to detect known agentic failure modes and policy violations before agents run in production. This shifts part of the evaluation left: trust and safety issues are caught early, agent-to-agent evaluation becomes actionable, and policy violations are reduced before they can propagate.

Ideal For

Security engineers and MLOps teams who need automated static checks for prompt injection, taint flows, and MCP misconfigurations before deploying agent systems. This helps mitigate prompt injection risks early in the deployment lifecycle.

Real-World Examples

  • Catch prompt-injection and taint issues in agent code during CI builds
  • Audit MCP configuration and delegation policies before deployment
  • Enforce OWASP Agentic Top 10 checks across langchain/crewai/autogen projects
Works With
langchain, crewai
Topics
ai-agent, ai-security, ai-security-tool, cli, crewai, langchain, langchain-security, llm-safety, llm-security, mcp, +8 more
Similar Tools
langchain-security, owasp
Keywords
multi-agent trust, agent security, agent-evaluation, prompt-injection