Flows category icon
Agent QA & Security
Intermediate

Dependency and Supply-Chain Scanning for Agents

Guard against the dependencies your agent adds: vulnerability scanning, hallucinated-package detection, and gated installs.

4 steps12 verify checks60-90 minutesWorks with: emergent · chatgpt · claude · cursor
Start Guided Walkthrough

The Route

0/4 verified

Context Pack

Paste this first. It briefs the AI on requirements, constraints, and the Definition of Done before your first build prompt.

Context Pack
PROJECT CONTEXT:
My agent adds packages on its own, and AI code is prone to importing hallucinated or malicious dependencies (slopsquatting). Agent-security guidance calls the supply chain a first-class risk needing scanning and install gates.

GOAL:
Build supply-chain controls into the agent: gate dependency additions, verify package existence and reputation, scan for vulnerabilities, and require review for new dependencies.

REQUIREMENTS:
- Interception of dependency-adding actions (installs, manifest edits)
- Existence and reputation checks: the package is real, established, and not a typosquat
- Vulnerability scanning of proposed and existing dependencies
- A review gate for new dependencies with a decision record
- Lockfile discipline so the reviewed set is what actually installs

CONSTRAINTS:
- No dependency enters the project without passing existence + reputation + vuln checks
- Hallucinated or newly-created lookalike packages are blocked, not warned

DEFINITION OF DONE:
- An agent attempting to install a non-existent package is blocked with an explanation
- A typosquat/lookalike of a popular package is flagged before install
- Known-vulnerable packages trigger a blocking finding with the advisory
- New dependencies are recorded with rationale and reflected in the lockfile

COMMON FAILURES TO AVOID:
- Letting the agent install anything it names, hallucinations included
- Slopsquatting: installing a malicious lookalike of a real popular package
- No vulnerability scanning, so known-CVE packages ship
- Manifest edited but lockfile not updated, so installs drift from review

Paste this into your AI builder first. It teaches the AI what you want before you give it the build prompt.

Related routes

More Agent QA & Security flows that share ground with this one.

Flows category icon
Agent QA & Security

Guard Memory Writes Against Injection

Stop poisoned data from becoming persistent agent beliefs: validate, attribute, and quarantine memory writes as untrusted input.

01Make writes source-aware
02Validate content before persistence
03Quarantine and require corroboration

+1 more steps to Done

Best forproduction-grade builds with strict verification

4 steps90-120 minutesAdvanced
Flows category icon
Agent QA & Security

Prompt Injection Defense Checklist

Systematically defend your agent against prompt injection: trust boundaries, content isolation, and defense-in-depth that assumes injection will happen.

01Map trust boundaries
02Isolate and label untrusted content
03Separate authority from content

+1 more steps to Done

Best forproduction-grade builds with strict verification

4 steps90-150 minutesAdvanced
Flows category icon
Agent QA & Security

Secrets Hygiene in Agent Logs

Keep credentials out of prompts, tool outputs, logs, and traces: detection, redaction, and safe handling across the whole agent pipeline.

01Build the secret detector
02Redact at every capture point
03Inject real secrets safely

+1 more steps to Done

Best forbuilders who have shipped a basic app before

4 steps60-90 minutesIntermediate

Made with Emergent