Async function without await — fire-and-forget Promise (AI mistake)

[repobilitycom]

Code-quality scan: humanlayer/12-factor-agents

Score: 75/100 (C+) · 74 findings · scanned 2026-05-20 01:29 UTC · 12,595 LOC

Severity	Count
CRITICAL	0
HIGH	33
MEDIUM	1
LOW	31

📊 Full filterable report ·

Top findings

1. HIGH SEC135 — Auth/permission check missing on AI-generated endpoint
   workshops/2025-05-17/walkthrough/10-server.ts:12 · CWE-862
2. HIGH SEC135 — Auth/permission check missing on AI-generated endpoint
   workshops/2025-05-17/walkthrough/09-server.ts:12 · CWE-862
3. HIGH SEC135 — Auth/permission check missing on AI-generated endpoint
   workshops/2025-05-17/walkthrough/08-server.ts:9 · CWE-862
4. HIGH SEC128 — Async function without await — fire-and-forget Promise (AI mistake)
   workshops/2025-05-17/walkthrough/10-server.ts:20
5. HIGH SEC128 — Async function without await — fire-and-forget Promise (AI mistake)
   workshops/2025-05-17/walkthrough/09-server.ts:20

---

Security note: this issue is public. If any flagged finding is a real, exploitable vulnerability, please redirect to your SECURITY.md policy or open a private security advisory instead. We're happy to close this and re-submit privately.

---

Filed automatically. Close this issue if not useful — we won't refile. Full report: https://repobility.com/scan/42840ac0-4990-44e7-b03f-0fd3300b35e5/