DocsFindings
Reference

Findings Reference

All 18 detection rules across 6 scanner modules. Each rule links to a full deep-dive on /findings and (where relevant) the learn curriculum.

Secrets Scanner

Detects API keys, tokens, private keys, and database connection strings committed to source code or config files.

Rule IDSeverityTitleLinks
nixer/secrets/hardcoded-api-key critical Hardcoded API Key in Source Details
nixer/secrets/db-credentials-in-url critical Database Connection String with Credentials Details

Prompt Injection Scanner

Live endpoint probing for direct injection, indirect injection, system-prompt leakage, jailbreaks, and tool-call abuse.

Rule IDSeverityTitleLinks
nixer/prompt-injection/direct critical Direct Prompt Injection — Instruction Override Details
nixer/prompt-injection/indirect high Indirect Prompt Injection via Retrieved Content Details
nixer/prompt-injection/leakage high System Prompt Leakage Details

MCP Server Probe

Discovers and probes Model Context Protocol endpoints for authentication gaps and exposed tool manifests.

Rule IDSeverityTitleLinks
nixer/mcp/unauthenticated high MCP Endpoint Accessible Without Authentication Details

Auth & Fraud Scanner

Credential stuffing probes, unauthenticated agent route detection, and rate-limit absence checks.

Rule IDSeverityTitleLinks
nixer/fraud/credential-stuffing critical Auth Endpoint Accepted Breached Credentials Details
nixer/fraud/no-rate-limiting medium No Rate Limiting — DDoS / Cost-Exhaustion Risk Details

Model Supply Chain

Pickle deserialization RCE detection, ML package typosquat analysis, HuggingFace trust checks, and CVE version audits.

Rule IDSeverityTitleLinks
nixer/model-supply-chain/pickle-rce critical Pickle Deserialization RCE Details
nixer/model-supply-chain/typosquat high ML Package Typosquat Candidate Details
nixer/model-supply-chain/langchain-serialization-injection critical LangChain Serialization Injection — LangGrinch (CVE-2025-68664) Details  · CVE

CI/CD Pipeline Scanner

GitHub Actions workflow analysis — pwn-requests, script injection, unpinned actions, and token permission audits.

Rule IDSeverityTitleLinks
nixer/cicd/pwn-request critical pwn-request: pull_request_target + Attacker-Controlled Checkout Details
nixer/cicd/script-injection critical Script Injection via github.event.* Details
nixer/cicd/unpinned-action high Unpinned Third-Party GitHub Action Details
nixer/cicd/broad-token-perms high Broad GITHUB_TOKEN Permissions Details
nixer/cicd/workflow-run-secrets high workflow_run Trigger Exposes Secrets to Fork Workflows Details
nixer/cicd/self-hosted-public medium Self-Hosted Runner on pull_request Trigger Details
nixer/cicd/secret-in-env-fork medium Secret Exposed in Fork Pull Request Workflow Details

Suppressing a rule

Use the rule ID in your nixer.yml suppress block or inline comment. See the Configuration reference.

nixer.yml
suppress:
  - rule: nixer/cicd/unpinned-action
    path: .github/workflows/legacy.yml
    reason: 'Tracked in JIRA-1234, scheduled for Q3 remediation'

Learn more

The AI Security Training curriculum covers the top attack classes in depth with hands-on exercises and Nixer scan exercises:

Edit this page on GitHub