Every agent has a blast radius. See yours — free.
A read-only scan that maps every place untrusted input could steer your AI agent into a real action — a send, a write, an exec, an API call. Built for people shipping agents on Claude Code, LangChain, CrewAI, n8n or custom. Agent-specific, not general SAST.
Our scanner flagged a documented flaw at the exact line, on the real vulnerable version: CVE-2023-39662 — a CVSS 9.3 remote-code-execution flaw in LlamaIndex’s PandasQueryEngine. Read-only static analysis; no exploit run.
Every action your agents can take, sorted by what it can do — and every place untrusted content could reach one. Is this eval on the model’s output? Reachable from untrusted input? Mapped to the OWASP LLM Top 10.
Read-only. We never act on your systems and never read your secrets. Name and email is all we need. See a sample report.

