Security Agents: A Collection of Security Review Agents for GitHub Agentic Workflows

Security Agents is a collection of security review agents designed specifically for GitHub Agentic Workflows, covering six major security domains: authorization, keys, infrastructure, supply chain, data exposure, and threat modeling. It provides evidence-based security reviews and configurable blocking policies, aiming to address challenges such as quality issues, false positives, and prompt injection when AI participates in code reviews, thus providing professional security guarantees for intelligent workflows.

Traditional code review relies on manual work, which has efficiency bottlenecks when facing large-scale and high-frequency code changes. The emergence of AI Agents enables 7x24 uninterrupted work and rapid scanning of code changes, but it also brings new challenges: how to ensure review quality, handle false positives, prevent prompt injection attacks, and unify and customize review standards. The Security Agents project was born to solve these problems.

Security Agents包含六个专注不同领域的安全审查Agent：

1. Authorization and Tenant Isolation Review: Identify missing authorization checks, IDOR vulnerabilities, tenant isolation issues, privilege escalation paths, etc.
2. Key and Configuration Review: Scan for hard-coded keys, insecure default configurations, sensitive data logging, and environment variable security issues.
3. Infrastructure and Kubernetes Review: Check for privileged containers, overly permissive RBAC permissions, insecure Terraform configurations, and missing network policies.
4. Dependency and Supply Chain Review: Focus on high-risk dependencies, unfixed versions, insecure build steps, and dependency confusion attacks.
5. Data Exposure Review: Identify PII leaks, excessive API responses, insecure serialization, and sensitive data in logs.
6. Threat Modeling Review: Evaluate new attack paths, changes in trust boundaries, blast radius, and external integration risks.

Evidence-Based Review Principles: Each security finding must include specific code evidence, risk description, exploitation scenario, repair suggestion, and false positive explanation to ensure the results are actionable and verifiable. Prompt Injection Protection: Build defense-in-depth through content isolation (separating repository content from system prompts), output format constraints (enforcing structured JSON), and input validation (preprocessing PR diffs to identify injection patterns). However, high-risk PRs still require manual review.

Progressive Deployment:

1. Advisory mode: Only post comments without blocking merges, used to calibrate false positive rates, familiarize with finding formats, and record false positive patterns.
2. Blocking mode: Block merges for high-confidence high-risk issues, with adjustable thresholds. Organizational Customization: Through the .github/agentic-workflows/pr-security-review.md file in the consuming repository, set review modes, provide organizational context, reference suppression files, and add specific review instructions, balancing general solutions with customized needs.

Current version limitations include:

1. Context window limitation: Oversized diffs may exceed the Agent's processing range, leading to incomplete reviews.
2. Indirect vulnerabilities: Only reviews the diff itself, which may miss vulnerabilities requiring full codebase context.
3. Generated/dependency code issues: May raise issues about generated code or third-party dependencies not maintained by the team.
4. New attack patterns: May miss new attack patterns not included in training data or prompts.

Security Agents provides a professional, configurable, and secure solution for AI-assisted code review. Through six review agents, evidence-based principles, prompt injection protection, and progressive deployment, it helps organizations responsibly introduce AI security reviews. As AI programming assistants become popular, automated security reviews will become a standard, and this project provides organizations with a reference implementation model that balances efficiency improvement and code security standards.