Live checkout: Starter, Growth, and Pro licensesBuild cartCompare packages
CapitalGuardAI-agent security licensesBuy

Sample risk report

What a licensed scan delivers.

A buyer sees severity, affected path, why it matters, how an AI agent could expose it, business impact, preventive control, and confidence level.

CapitalGuard scan

acme-platform

78/100 High

AI Agent Risk Score

78/100

High exposure

Dangerous files

7

Require policy blocks

Exposed secret risks

4

Redacted in report

Unsafe permissions

5

Tool access review

Prompt-injection paths

3

Docs and issues

Policy file

1

Ready to deploy

Production secrets reachable.env.productionCritical
Prompt-injection path founddocs/prompts/release-checklist.mdHigh
Workflow edit risk.github/workflows/deploy.ymlHigh
Policy file generated.capitalguard/policy.ymlReady

Critical

Production secrets reachable by agent workspace

.env.production

Confidence: High

Why it matters

The file appears inside the default workspace scope used by AI coding tools.

AI-agent exposure

An agent asked to debug deployment could read or summarize secret names and values.

Business impact

A leaked production key can expose customer data, billing systems, or deployment access.

Preventive control

Move secrets into the deployment provider vault and block this path in agent policy.

Redaction

Secret-like values are masked in UI and exports.

High

Prompt-injection instruction path in internal docs

docs/prompts/release-checklist.md

Confidence: Medium

Why it matters

The document includes imperative instructions an agent may treat as task guidance.

AI-agent exposure

An agent reviewing release docs could follow hidden instructions before developer review.

Business impact

A malicious instruction can alter build steps, exfiltrate logs, or bypass review.

Preventive control

Move operational instructions into signed policy files and label docs as untrusted input.

Redaction

Secret-like values are masked in UI and exports.

High

Deployment workflow can be edited by coding agents

.github/workflows/deploy.yml

Confidence: High

Why it matters

The workflow is both sensitive and currently inside editable AI-agent scope.

AI-agent exposure

A suggested cleanup could modify deployment permissions or add unsafe commands.

Business impact

Build-system compromise can affect production releases and customer trust.

Preventive control

Require protected reviews for workflow changes and add an agent read-only rule.

Redaction

Secret-like values are masked in UI and exports.

Medium

Dangerous command path looks like a routine script

scripts/seed-prod.ts

Confidence: Medium

Why it matters

The script can mutate production-like data and has an unclear execution boundary.

AI-agent exposure

An agent could run it while trying to recreate a bug or seed test data.

Business impact

Accidental data mutation can create downtime, billing errors, or audit gaps.

Preventive control

Rename, isolate, and require environment confirmation before execution.

Redaction

Secret-like values are masked in UI and exports.