Snyk Agent Scan
Security scanner that discovers and scans AI agents, MCP servers, and agent skills for prompt injection and vulnerabilities.
🛡️ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for Snyk Agent Scan, derived from its capabilities.
AIVSS 5.7 · Medium
Overview
Snyk Agent Scan discovers agent components installed on a machine (agents, MCP servers, skills) and scans them for prompt-injection payloads, tool poisoning, and vulnerable code. It is purpose-built for the MCP threat model itself, treating the agent supply chain as an attack surface. Useful for auditing third-party MCP servers before trusting them in an agent runtime.
Key features
- Discovers installed agents, MCP servers, and skills
- Detects prompt injection and tool poisoning
- Scans the agent supply chain, not just app code
Use cases
- Audit an untrusted MCP server before enabling it
- Inventory and vet agent skills on a developer machine