ZeroLeaks
Platform

GitHub Integration

Install the ZeroLeaks GitHub App, auto-scan PRs that modify prompt files, and trigger scans with @zeroleaks.

GitHub Integration

ZeroLeaks integrates with GitHub via a GitHub App. You can:

  • Auto-scan pull requests that modify prompt files
  • Trigger scans on demand by commenting @zeroleaks on a PR
  • Receive scan results as PR comments and commit status checks

Install the GitHub App

  1. Go to Settings > GitHub in the ZeroLeaks dashboard
  2. Click Install GitHub App or Connect
  3. Authenticate with GitHub and select the organization or user
  4. Choose which repositories to grant access to
  5. Complete the installation

The app will receive webhooks for repository events (PRs, issue comments, review comments).

Configure Repositories

For each repository you want to scan:

  1. Add the repo in ZeroLeaks Settings > GitHub
  2. Set the prompt path: The file path that contains your system prompt (e.g., src/prompts/system.txt, config/agent.md). The app uses this to detect when PRs touch prompt-related files.
  3. Choose scan type: Full, extraction, or injection
  4. Optional: For sandbox mode, configure tool definitions or enable auto-detection

Only PRs that change files under the prompt path (or the configured path) trigger auto-scans. Other PRs are ignored unless you use the manual trigger.

Auto-Scan on PR

When a PR is opened, synchronized (new commits pushed), or reopened:

  1. The webhook checks if any changed files match the prompt path

  2. If yes, the app fetches the prompt content from the PR head commit (using AI extraction for code files)

  3. A scan is queued with the configured scan mode

  4. When the scan completes, results are posted as a PR comment

  5. A commit status is set on the PR head (e.g., success, failure, or warning)

If the prompt path is not configured, or no prompt files changed, no scan runs.

Trigger with @zeroleaks

You can trigger a scan manually by mentioning @zeroleaks in a PR comment or review comment:

  • PR comment: Add a comment on the PR that includes @zeroleaks (and optionally scan or similar)
  • Review comment: Add a review comment on a code line that includes @zeroleaks

The webhook detects the mention and queues a scan for that PR. The scan uses the prompt from the PR head commit. Results are posted as a reply or follow-up comment.

Scan Results Posted to PR

When a scan completes:

  1. PR comment: A formatted comment is added with:

    • Overall score and vulnerability level
    • Extraction findings count
    • Injection success/blocked counts
    • Link to the full report on ZeroLeaks

  2. Commit status: The status is set on the PR head commit:

    • Success: Score indicates secure or low risk
    • Failure: Score indicates high or critical risk
    • Warning: Score indicates medium risk

The status description includes the score and a brief message (e.g., "Security scan passed (85/100)").

Sandbox vs. Non-Sandbox

  • Sandbox mode: Runs in the Railway worker with full tool execution. Requires the worker to be deployed. Results include tool call logs, canary exposure, and kill chains. All GitHub-triggered scans run in sandbox mode. Check the dashboard for scan progress and results.

Report Anatomy

Structure of a ZeroLeaks scan report: executive summary, findings, injection results, hardening, and PDF export.

What is AgentGuard

Test deployed AI agents via their HTTP API endpoint for tool hijacking, multi-turn grooming, and data leakage.

On this page

GitHub IntegrationInstall the GitHub AppConfigure RepositoriesAuto-Scan on PRTrigger with @zeroleaksScan Results Posted to PRSandbox vs. Non-Sandbox