Promptfoo Code Scanning / GitHub Action
GitHub Action scanner for LLM-specific app vulnerabilities like prompt injection.

Promptfoo Code Scanning / GitHub Action Description
Promptfoo Code Scanning is a GitHub Action-based security scanner designed to detect vulnerabilities specific to applications built on large language models (LLMs) and AI agents. It integrates into the pull request (PR) review workflow and performs agentic code tracing to identify security issues before they reach production.

The scanner focuses on LLM-specific vulnerability classes, including:

- Prompt Injection: untrusted input reaching LLM prompts without sanitization
- Data Exfiltration: indirect prompt injection vectors that could extract data through agent tools
- PII Exposure: code that may leak sensitive user data to LLMs or log confidential information
- Improper Output Handling: LLM outputs used in dangerous contexts such as SQL queries or shell commands
- Excessive Agency: LLMs with overly broad tool access or missing approval gates
- Jailbreak Risks: weak system prompts or guardrail bypasses that could allow harmful outputs

Key operational characteristics:

- Deep tracing: the scanner goes beyond the PR diff, tracing LLM inputs, outputs, and capability changes throughout the broader repository
- Low false-positive design: maintains a high reporting bar to reduce alert fatigue; maintainers can configure severity levels and provide custom instructions
- Fix suggestions: each finding includes a suggested remediation and a prompt that can be passed to an AI coding agent for further investigation and resolution

The tool has been tested against real CVEs in LangChain, Vanna.AI, and LlamaIndex. No account, credit card, or API keys are required to get started.
Promptfoo Code Scanning / GitHub Action FAQ
Common questions about Promptfoo Code Scanning / GitHub Action including features, pricing, alternatives, and user reviews.
Promptfoo Code Scanning / GitHub Action is a GitHub Action scanner for LLM-specific app vulnerabilities like prompt injection, developed by Promptfoo. It is an AI Security solution designed to help security teams with LLM Security, Prompt Injection, and GenAI Security.