Prompt-injection language in SKILL.md
Approval-bypass phrasing and hidden operator instructions detected in skill guidance.
Free public GitHub scanner
Catch risky agent-facing repo files before they enter your workflow.
Security review for SKILL.md, AGENTS.md, hooks, MCP configs, scripts, and repo instructions.
AAF Cloud Scan helps maintainers, reviewers, and builders inspect public GitHub repositories for files that can steer, poison, or abuse agent workflows before install, merge, or adoption.
Built for trust-sensitive review
Focused on the files that shape agent behaviour, not just the application code underneath them.
No target repo code execution
Public repos only
Readable verdicts + downloadable reports
Verdict
Safe / Review / High risk
Checks
Skills · hooks · MCP · scripts
Outputs
JSON + Markdown reports
Execution model
Isolated workflow with signed callback
Sample report snapshot
Repository review verdict
A believable preview of the kind of signal this tool is meant to surface fast.
Risk score
68
Flagged findings
7
Artifact classes
4
run 05a7ffd9
public github repo
signed callback
Unsafe hook execution path
Repository hook references shell execution patterns that deserve manual review before trust.
MCP configuration exposure
Config shape suggests tool access expansion and outbound workflow capability.
Start a repository scan
Paste a public GitHub repository URL
Queue a scan, open a report, and review verdicts, flagged files, and downloadable outputs in one place.
Free right now: built for the GitHub community while the product matures.
Why this matters
The new attack surface is often outside the application code.
Agent workflows can be compromised by repo-level files that shape what the agent sees, trusts, and executes. That is why this scanner is built to surface risky instructions and automation artifacts early.
Agent risk can hide in repo instructions, hooks, manifests, and config long before anyone notices at runtime.
SKILL.md instruction packs
AGENTS.md repo guidance
Hooks and bootstrap scripts
MCP configs
Plugin manifests
Prompt-injection phrasing
Approval-bypass language
Secret access attempts
What the product gives you
Fast review signal, not just a generic scan form.
Designed to make trust decisions easier before install, merge, or adoption.
Clear verdicts
Understand quickly whether a repo looks safe, needs review, or carries obvious agent-facing risk.
Actionable findings
See flagged files, artifact classes, and why they deserve scrutiny without digging through raw logs.
Exportable reports
Download JSON and Markdown outputs for internal review, audit notes, and handoff workflows.
How it works
A narrow, trust-first scan flow.
The product is intentionally scoped to review public GitHub repositories without executing target repo code.
01
Validate the repository
Check that the URL is a supported public GitHub repo and apply size and scope guardrails before queueing.
02
Run an isolated review
Queue an isolated workflow that inspects agent-facing files and returns a signed callback with the result.
03
Review the output
Open a readable report page with verdict, findings, severity context, and downloadable report formats.
Trust model
Built to reduce review friction without pretending to be magic.
Guardrails
- Strict GitHub URL validation
- Public repositories only
- Rate limits and repository size checks
- No target repo code execution
Trust signals
- Readable verdict categories
- Structured findings with context
- Downloadable JSON and Markdown
- Signed callback flow for result integrity
Use it your way
Use the hosted scanner, inspect the GitHub repository directly, or wire the command-line and action flow into your own review process.