Lock down the AI agents you wired into your repo or CI - shippingszn launch readiness
If you connected an AI agent to your repo or CI — something that reads issues/PRs and can make changes — it can be tricked. A hidden instruction planted in a public issue or PR can hijack the agent into reading your secrets and leaking them, because the agent runs with your access.
This is a real, disclosed 2026 attack class, not theory. A hidden instruction in a public GitHub issue made a popular CI coding agent read its environment and leak an API key (rated critical severity); a separate July 2026 flaw tricked repo agents into exfiltrating private repositories; and supply-chain malware has invoked local AI CLIs with permission-bypass flags to hunt for credentials. The common thread: an agent that can read untrusted text, holds secrets, and can write is an exfiltration path.
Owner verification required: Agent-in-CI risk lives in your pipeline config, trigger permissions, and token scopes across GitHub/CI, not in your app source. Proving an agent can't reach secrets while reading untrusted input is a configuration audit the scanner can't perform.
The Launch Fix Kit keeps scan-specific findings, file and line evidence, AI-builder punch-list tasks, and verification steps tied to the paid report.
- Inventory every AI agent connected to your repo or CI: what triggers it, what it can read, what secrets it can reach, what it can write or deploy.
- Apply the rule of two: never let one agent read untrusted input (public issues/PRs, scraped web, user content) AND hold live secrets AND have write/publish access at the same time. Break at least one leg.
- Pin every GitHub Action to a full commit SHA, not a moving tag like @v1.
- Scope tokens to least privilege; never expose the agent's own API keys in its context or logs.
- Ban permission-bypass flags (--yolo, --dangerously-skip-permissions, --trust-all-tools) in anything that runs against real credentials.
Run the scanner | Unlock Launch Fix Kit
Canonical URL: https://shippingszn.com/i/agent-ci-security/