Find prompt-injection paths, write-capable agent jobs, risky Bitbucket Pipelines, GitLab CI, Travis CI, Drone CI, CircleCI, Azure Pipelines, Jenkins, and Buildkite agent jobs, n8n, Dify, Flowise, Langflow, and low-code side effects, broad MCP tools, browser automation risks, and unsafe workflow permissions before an agent runs.
Audit GitHub Actions, Bitbucket Pipelines, GitLab CI, Travis CI, Drone CI, CircleCI, Azure Pipelines, Jenkins, Buildkite, n8n, MCP configs, Activepieces, Dify, Flowise, Langflow, Zapier Zaps, Make, Pipedream, Node-RED, Airflow, and browser automation traces.
Output Markdown, JSON, and SARIF reports. Upload SARIF to GitHub Code Scanning and keep suppression reasons visible.
Use dry-run fix plans, patch previews, low-risk permission fixes, MCP filesystem read-only scoping, CI dry-run defaults, approval snippets, and structured fix reports for PR bots and agent loops.
Install Claude, Codex, Cursor, Copilot, Gemini, OpenClaw, Hermes, AGENTS.md, and MCP resource pack context files.
npx agentic-workflow-guard init .
npx agentic-workflow-guard doctor .
npx agentic-workflow-guard scan . --format sarif --output awg.sarif
npx agentic-workflow-guard fix . --format json
npx agentic-workflow-guard benchmark --format json
npx agentic-workflow-guard benchmark corpus --format json
npx agentic-workflow-guard rules verify .awg/rules/agentic-workflow-guard-core-rules.json.awg.yml, .awg.yaml, and .awg.json config