Question 1

What exactly does RiskVoid scan for?

Accepted Answer

RiskVoid detects 13 vulnerability types specific to AI agents: prompt injection via concatenation, SQL/command injection in tool functions, LLM output executed as code (eval/exec), server-side request forgery, path traversal, hardcoded credentials, insecure deserialization, uncontrolled tool execution (missing human-in-the-loop), agent-to-agent trust bypass in multi-agent systems, tool result injection, missing input validation, over-privileged database connections, and excessive tool scope. Each finding maps to a CWE identifier with concrete remediation steps.

Question 2

How is this different from SAST tools like Semgrep or SonarQube?

Accepted Answer

Traditional SAST tools treat AI agent code as regular application code and miss agent-specific attack surfaces entirely. RiskVoid understands LangGraph state graphs, LangChain agent executors, CrewAI delegation patterns, and AutoGen group chats. It detects things like prompt injection through string concatenation, tools with capabilities beyond what the agent needs, and multi-agent systems where one agent can hijack another. These are invisible to general-purpose scanners because they require understanding of how LLM orchestration frameworks work.

Question 3

Which frameworks are supported?

Accepted Answer

LangGraph, LangChain, CrewAI, AutoGen, and custom implementations using OpenAI or Anthropic SDKs with tools. The scanner auto-detects your framework by analyzing import patterns and code structure. Python-based agents are fully supported. Framework-specific rules adapt: for example, LangGraph scans check for missing interrupt_before/after on tool nodes, while CrewAI scans flag allow_delegation=True without authentication constraints.

Question 4

How does the scanning process work?

Accepted Answer

Paste your GitHub repository URL, hit scan, and get results in 30-60 seconds. RiskVoid automatically detects your agent framework, analyzes your codebase for vulnerabilities, and generates an interactive report with a risk score (A-F), an Agent Trajectory Graph showing how data flows through your agent, and detailed findings with code locations and remediation steps. No setup, no configuration files, no CLI tools to install.

Question 5

Is my source code stored or shared?

Accepted Answer

No. Your code is fetched temporarily for analysis and never persisted. Only the scan results are stored: findings with file paths, line numbers, and short code snippets relevant to each vulnerability. The full source code is never written to disk or sent beyond what's needed for the analysis. For the LLM analysis layer, only extracted components and findings are sent to the model, not your entire codebase.

Question 6

What is the Agent Trajectory Graph?

Accepted Answer

The Agent Trajectory Graph (ATG) is an interactive visualization of how your agent processes inputs through decision nodes, tool calls, and state transitions. It maps entry points (user input), LLM reasoning nodes, tool execution nodes, and output nodes, then highlights vulnerable paths where untrusted data flows through exploitable tool calls. Think of it as a security-focused call graph that shows exactly how an attacker's input could traverse your agent to reach a dangerous tool.

Question 7

How does the risk scoring work?

Accepted Answer

Each scan produces a score from 0-100 (A through F) based on four equally weighted categories: Tool Security (injection, code execution, SSRF), Prompt Security (prompt injection, result injection), Data Flow Security (validation, deserialization, path traversal), and Permission Security (credentials, authorization, agent trust). A single critical finding deducts 25 points, high severity deducts 15, medium deducts 8. One critical vulnerability is enough for an F grade, because in agent security, one exploitable tool can compromise the entire system.

Question 8

Can I scan private repositories?

Accepted Answer

The current version supports public GitHub repositories only. Private repository scanning with GitHub App integration and CI/CD pipeline support is on our roadmap. If you need private repo scanning now, contact us to discuss early access to the platform tier.

RiskVoid Blog

Agents, Leaks & Regulations

Security Risks in n8n Workflows: A Practical Guide

Claude Goes to War: Inside China's GTG-1002 Autonomous Cyberattack