
feat: PentAGI AI Agent Security Analysis — Case Study #2 (#3)

Open: Ek1m-Z3n1t wants to merge 1 commit into main from feat/pentagi-case-study-2


@Ek1m-Z3n1t

Contributor

Summary

  • Adds pentagi-2026-04/ with full case study for PentAGI autonomous AI security agent
  • Updates root README: CS#2 entry in Studies table, expanded scope description (IaC → applied security research), adds Falco to tools table
  • Static analysis: 4 CRITICAL findings (docker.sock, root execution, NET_ADMIN, 1144 Docker API calls)
  • Dynamic analysis: 462 EXFILTRATION events, 24 PROMPT_INJECTION attempts, 73.7% threat rate (274 requests)

Files

| File | Description |
| --- | --- |
| pentagi-2026-04/README.md | Case study overview, findings summary, methodology |
| pentagi-2026-04/PENTAGI_CASE_STUDY_BRANDING.html | Full branded report with charts (98K) |
| pentagi-2026-04/PENTAGI_CASE_STUDY.html | Compact research report (76K) |

Security

  • HTML reports contain security research content describing detected attack patterns (EXFILTRATION, PROMPT_INJECTION) — these are findings/evidence, not active payloads
  • No internal paths, credentials, or client data in published files
  • auditor_skill.py BLOCK logged as approved FP in SECURITY_AUDIT_LOG.md (2026-06-17)
  • TruffleHog scan will run on PR via existing security-scan.yml workflow

Test plan

  • Verify HTML reports open correctly in browser
  • Verify README links to both CS#1 and CS#2 resolve
  • Confirm security-scan.yml passes (TruffleHog, Bandit, Checkov, Trivy)

🤖 Generated with Claude Code

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@Ek1m-Z3n1t force-pushed the feat/pentagi-case-study-2 branch from 1cf4443 to dbe6ec9 on June 17, 2026 14:50