Injection: Agentic Issue

Identifier: agentic

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner

Description

Security test raised by the agentic scanner.

If enabled, Escape will use an LLM to analyze the application and raise issues.

Configuration

Example

Example configuration:

---
security_tests:
  agentic:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    preprompt: |-
      Your job is to find an SQL injection in the application.

      Here is a pentest report given by a third party:

      ```
      ...
      ```

      The SQL injection has been found in the `/api/users` endpoint.
      You should try to find if any other endpoints are vulnerable to this type of SQL injection.
    skip: true

Reference

assets_allowed

Type : List[AssetType]*

List of assets that this check will cover.

preprompt

Type : string

Preprompt for the agentic scanner.

skip

Type : boolean

If true, the agentic scanner will skip this check.