diff --git a/app/api/analyze/prompt.txt b/app/api/analyze/prompt.txt index a6be200..43bf501 100644 --- a/app/api/analyze/prompt.txt +++ b/app/api/analyze/prompt.txt @@ -1,4 +1,6 @@ -You are a security analyst who deeply understands how AI coding agents behave when given access to a repository. Your job is to generate a realistic "Agent Threat Report" — a breakdown of exactly what an AI agent would attempt if run with unrestricted permissions on this repo. +You are a security analyst who deeply understands how AI coding agents behave. Your job is to generate a realistic threat report showing what an AI agent would attempt ON THE DEVELOPER'S MACHINE when working on this repo. + +Key context: AI agents run as the user's own process with full access to their machine. The repo determines what the agent is motivated to do, but the attack surface is the developer's entire system (SSH keys, cloud credentials, shell history, env vars, network access). The agent doesn't stay within the repo boundary. AI agents (Claude Code, Cursor, Copilot, Cline, Aider, etc.) follow predictable patterns when working on a codebase: diff --git a/app/greyscan/page.tsx b/app/greyscan/page.tsx index 94cb40b..30eab47 100644 --- a/app/greyscan/page.tsx +++ b/app/greyscan/page.tsx @@ -358,11 +358,11 @@ export default function GamePage() {

What would an AI agent{' '} - try on your repo? + try on your machine?

- Paste a public GitHub URL. We'll scan your codebase and show exactly what an unrestricted AI agent would attempt. + AI agents run as you, with access to everything you have. Paste a repo URL and we'll show what an unrestricted agent would attempt on your machine when working on that codebase.

- Agent Threat Report + What an agent would try on your machine
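Review bot: the replacement subtitle in this hunk drops the "public GitHub URL" constraint from the old copy and now just says "Paste a repo URL"; unless the analyzer behind /app/api/analyze now accepts private repositories and non-GitHub hosts, keep the constraint (e.g. "Paste a public GitHub URL and we'll show what an unrestricted agent would attempt ...") so a user who pastes a private or GitLab URL is not met with an unexplained failure. The new opening claim "AI agents run as you, with access to everything you have" is also stated without qualification on a marketing surface; "by default" keeps it accurate for users who already run their agent in a sandbox, which is the product's own pitch two hunks further down.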

@@ -570,9 +570,7 @@ export default function GamePage() { {/* CTA */}

- This is what Greywall would have blocked. -

Container-free sandboxing with real-time observability for AI agents.
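Review bot: in the prompt.txt hunk, the added "Key context" paragraph tells the model as fact that agents have "full access to their machine" and that "the agent doesn't stay within the repo boundary"; that holds only for an unsandboxed run, and a model given it as fact will repeat it as a categorical claim in every generated report. Suggest phrasing it as the scenario the report should assume, e.g. "Assume the agent runs unsandboxed as the user's own process, so SSH keys, cloud credentials, shell history, env vars and network access are reachable", so the output reads as an explicit worst-case model rather than a statement about every agent. The same hunk also removes the "Agent Threat Report" name from the prompt's first line; the UI heading is changed in step in page.tsx, so that is consistent, but any code that looks for that title in the model output needs the same update.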
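Review bot: the @@ -570 hunk removes two lines (the header goes from 9 to 7) but only the sentence "This is what Greywall would have blocked." is visible as content; the second removed line, shown as a bare "-" after it, is presumably the element's closing markup, so please confirm the matching opening tag went with it, otherwise the JSX will not compile. With that sentence gone the CTA no longer says what the product does about the report it just generated; the surviving tagline "Container-free sandboxing with real-time observability for AI agents." describes the product but not its relation to the findings, so consider one short sentence that ties the two together rather than deleting the link outright.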