Agent Scan Methodology
SaferSkills grades agents with a documented behavioral test pack, and the single source of truth for that pack is the live methodology page — auto-rendered from the rubric, never hand-copied. Each of the ~20 tests (AS-01 … AS-22, with two ids reserved) is anchored to a recognized threat taxonomy: OWASP Agentic Security Initiative (ASI…:2026), the OWASP LLM Top 10 (LLM…:2025), MITRE ATLAS, and NIST AI 600-1. This page is a bridge; the pack itself is not re-authored here.
Where is the authoritative pack?
On the live methodology page, under the Agent-pack section. That page is generated directly from the rubric, so the test list, severities, framework badges, and detection logic shown there are always current with what the engine actually runs. Re-stating the pack in these docs would risk drift, so we point at the rendered source instead of copying it.
What threat frameworks does the pack map to?
Every behavioral test references at least one external AI-risk taxonomy, so a finding is anchored to a recognized threat rather than an opaque opinion. The pack maps tests to OWASP’s Agentic Security Initiative ids (for example ASI01:2026), the OWASP Top 10 for LLM Applications (for example LLM01:2025, which ranks Prompt Injection as the top risk — source), MITRE ATLAS techniques, and NIST AI 600-1. The methodology page renders these as clickable badges on each test card.
How are agents actually graded?
Grading reuses the component scoring model and stays deterministic. The cloud re-derives each per-run canary, decides each test’s verdict over the submitted evidence, and applies the same penalties, the same severity ceiling, and the same color bands a component scan uses — there is no LLM in the verdict path. For the scoring math, see behavioral scoring; for the conceptual frame, see what Agent Scan is.
Where do I go next?
Read the full, rendered pack on the live methodology page. To understand the resulting number, see how behavioral scoring works.
Author: SaferSkills Team — methodology maintainers.