Show HN: Aidevshield NPM audit for AI coding tool workflows (github.com)

🤖 AI Summary
Aidevshield has released version 1.0.0 of a static analysis tool that identifies security weaknesses in AI coding tool workflows, in the spirit of npm audit. The scanner inspects GitHub workflows, package dependencies, and AI tool configurations for known attack patterns such as prompt injection and CI/CD pipeline poisoning. It flags critical issues such as permissive trigger permissions that let any GitHub user run a workflow, or configurations that allow untrusted code to execute. In a recent case, a vulnerability of this kind led to the compromise of Cline's AI tool, affecting over 5 million users. This matters for the AI/ML community because AI tools are increasingly integrated into Continuous Integration and Continuous Deployment (CI/CD) environments, which introduces new attack surfaces. Aidevshield's ability to detect and mitigate risks associated with prompt injection and cache poisoning is intended to improve the security of AI workflows. The tool runs offline, requires no API keys, and emits results in multiple formats (including SARIF and JSON), making it a versatile addition to developers' security practices. Its breadth of scanning positions Aidevshield as a distinctive entry in the growing landscape of security tools for AI coding workflows.