Prerequisites
- Docker 20.10+ and Docker Compose v2.
- Python 3.11–3.13 for
agent-guardian(3.14 not yet supported) — or use the docker image, see below.
GEMINI_API_KEY is unset.
Step 1 — Clone and start the stack
Step 2 — Scan with AgentGuardian
- At least one finding in LLM01 — Prompt Injection (the agent responds
OVERRIDE_OKto a CEO-override prompt). - At least one finding in LLM06 — Excessive Agency (the agent calls
force_wire_transferwithout confirmation). - At least one finding in LLM07 — System Prompt Leakage (the agent reveals its internal account number and signing key prefix).
--mode fast with --model stub.
Step 3 — Compare against the defended baseline
Step 4 — Switch on live Gemini mode (optional)
If you want to evaluate the scanner against real model behavior instead of canned stubs:/health endpoint will now report "live_mode": true and the agents will route prompts through gemini-2.5-flash / gemini-2.5-pro via the google-adk runner.