Findings Reference
All 18 detection rules across 6 scanner modules. Each rule links to a full deep-dive on /findings and (where relevant) the learn curriculum.
Secrets Scanner
Detects API keys, tokens, private keys, and database connection strings committed to source code or config files.
| Rule ID | Severity | Title | Links |
|---|---|---|---|
nixer/secrets/hardcoded-api-key |
critical | Hardcoded API Key in Source | Details |
nixer/secrets/db-credentials-in-url |
critical | Database Connection String with Credentials | Details |
Prompt Injection Scanner
Live endpoint probing for direct injection, indirect injection, system-prompt leakage, jailbreaks, and tool-call abuse.
| Rule ID | Severity | Title | Links |
|---|---|---|---|
nixer/prompt-injection/direct |
critical | Direct Prompt Injection — Instruction Override | Details |
nixer/prompt-injection/indirect |
high | Indirect Prompt Injection via Retrieved Content | Details |
nixer/prompt-injection/leakage |
high | System Prompt Leakage | Details |
MCP Server Probe
Discovers and probes Model Context Protocol endpoints for authentication gaps and exposed tool manifests.
| Rule ID | Severity | Title | Links |
|---|---|---|---|
nixer/mcp/unauthenticated |
high | MCP Endpoint Accessible Without Authentication | Details |
Auth & Fraud Scanner
Credential stuffing probes, unauthenticated agent route detection, and rate-limit absence checks.
| Rule ID | Severity | Title | Links |
|---|---|---|---|
nixer/fraud/credential-stuffing |
critical | Auth Endpoint Accepted Breached Credentials | Details |
nixer/fraud/no-rate-limiting |
medium | No Rate Limiting — DDoS / Cost-Exhaustion Risk | Details |
Model Supply Chain
Pickle deserialization RCE detection, ML package typosquat analysis, HuggingFace trust checks, and CVE version audits.
| Rule ID | Severity | Title | Links |
|---|---|---|---|
nixer/model-supply-chain/pickle-rce |
critical | Pickle Deserialization RCE | Details |
nixer/model-supply-chain/typosquat |
high | ML Package Typosquat Candidate | Details |
nixer/model-supply-chain/langchain-serialization-injection |
critical | LangChain Serialization Injection — LangGrinch (CVE-2025-68664) | Details · CVE |
CI/CD Pipeline Scanner
GitHub Actions workflow analysis — pwn-requests, script injection, unpinned actions, and token permission audits.
| Rule ID | Severity | Title | Links |
|---|---|---|---|
nixer/cicd/pwn-request |
critical | pwn-request: pull_request_target + Attacker-Controlled Checkout | Details |
nixer/cicd/script-injection |
critical | Script Injection via github.event.* | Details |
nixer/cicd/unpinned-action |
high | Unpinned Third-Party GitHub Action | Details |
nixer/cicd/broad-token-perms |
high | Broad GITHUB_TOKEN Permissions | Details |
nixer/cicd/workflow-run-secrets |
high | workflow_run Trigger Exposes Secrets to Fork Workflows | Details |
nixer/cicd/self-hosted-public |
medium | Self-Hosted Runner on pull_request Trigger | Details |
nixer/cicd/secret-in-env-fork |
medium | Secret Exposed in Fork Pull Request Workflow | Details |
Suppressing a rule
Use the rule ID in your nixer.yml suppress block or inline comment. See the Configuration reference.
suppress: - rule: nixer/cicd/unpinned-action path: .github/workflows/legacy.yml reason: 'Tracked in JIRA-1234, scheduled for Q3 remediation'
Learn more
The AI Security Training curriculum covers the top attack classes in depth with hands-on exercises and Nixer scan exercises:
- Module 1: Prompt Injection — direct injection, indirect injection, system prompt leakage
- Module 2: Tool Abuse — MCP attack surface, unauthenticated endpoints
- Module 3: RAG Poisoning — corpus integrity, SEO-poisoned document injection