100% detection rate, 0% false positives on the AgentGuard Benchmark Suite (28 samples across 5 OWASP ASI categories + clean code).
- Self-scan false positives: Scanner now skips its own
rules/directory and test files by default. Self-scan went from 94 findings (false positives) to 2 (acceptable setup.py patterns). - ASI01 Prompt Injection: Added detection for messages array injection (
{"role": "user", "content": user_msg}) and template.format(q=q)patterns. - ASI10 Trust Boundary: Added detection for Docker volume mounts with host paths (
/etc,/root,/proc) and sandbox disable patterns (sandbox = None,isolation = False). - ASI03 Data Exfiltration: Whitelisted known LLM API providers (OpenAI, Anthropic, Google, Groq, Together, Mistral, Cohere, DeepSeek, xAI) to eliminate false positives on standard API configuration.
- Benchmark runner: Fixed
subprocess.check_outputfailure by adding--no-exit-codeflag.
--include-testsCLI flag: Explicitly include test files and directories in scans. By default, test files are skipped to avoid false positives from intentional test vulnerabilities.
Category Total Detected Rate FP
---------------------------------------------
ASI01 6 6 100% 0
ASI02 5 5 100% 0
ASI03 4 4 100% 0
ASI07 6 6 100% 0
ASI10 5 5 100% 0
clean 2 0 - 0
---------------------------------------------
TOTAL 28 26 100% 0
Detection rate: 100.0%
False positives: 0
pip install --upgrade dfx-agentguard
agentguard . --format text