The problem: AI coding assistants are becoming attack surfaces. In the past year we've seen real exploits:
Clinejection (Dec 2025): Prompt injection via GitHub issue titles → AI triage bot executes shell commands → malicious npm package published to 5M users tj-actions/changed-files (Mar 2025): Tag repointing attack hit 23,000 repos via pull_request_target Shai-Hulud (2025): First self-propagating npm worm using postinstall hooks Rules File Backdoor (Feb 2025): Hidden Unicode characters in .cursorrules for invisible prompt injection Existing tools cover parts of this — Zizmor and actionlint for GitHub Actions, Socket.dev for npm — but nothing scans across all four domains: workflows + AI configs + npm packages + prompt injection.
aidevshield does. One command, zero dependencies beyond js-yaml, fully offline:
npx aidevshield scan . What it detects:
Dangerous GitHub Actions patterns (wildcard users, untrusted event field interpolation, unpinned third-party actions) pull_request_target with untrusted checkout (Pwn Request pattern) Malicious npm lifecycle scripts (postinstall curl | sh, node -e inline exec) Hidden Unicode in AI config files (.cursorrules, .github/copilot-instructions.md) Wildcard tool permissions (Bash(), Edit()) Exposed .env files without .gitignore protection Cache poisoning + credential exposure combos Outputs text, JSON, or SARIF (for GitHub Code Scanning integration).
56 end-to-end tests. Every detection maps to a documented real-world attack.
MIT licensed. No signup, no paywall.
GitHub: https://github.com/aidevshield/aidevshield
Happy to answer questions about the threat landscape or implementation.