This is the artifact testers should judge.

# Orisan Scout Report

- Repo: `/repos/payments-service`
- Git metadata: `commit a8f3b2c, dirty: false`
- Findings: `4`

## Capability Summary

AI coding agents configured in this repo can read broad repository context, execute shell commands, and change repository history through commit or push behavior. Review is required before approving AI agent use in this repository.

## Approval Guidance

Recommended decision: Review required before approving AI coding agent use in this repository.

- Scope note: Scout v0.1 checks only repo-local MCP configs and repo-level agent instruction files.
- Privacy note: No source upload. No cloud upload. Payload stored: false.

## Summary

- critical: `0`
- high: `3`
- medium: `1`
- low: `0`
- info: `0`

## Findings

### HIGH: filesystem server mounted to repo root

- Surface: `.mcp.json`
- Capability: `READ`
- Evidence: filesystem MCP server exposes broad repository context.
- Payload stored: `false`

### HIGH: shell tool available to agent

- Surface: `.mcp.json`
- Capability: `EXECUTE`
- Evidence: MCP tool can execute shell commands.
- Payload stored: `false`

### HIGH: shell execution allowed without approval

- Surface: `AGENTS.md`
- Capability: `EXECUTE`
- Evidence: repo-level agent instructions permit command execution without explicit reviewer approval.
- Payload stored: `false`

### MEDIUM: auto-commit behavior allowed

- Surface: `AGENTS.md`
- Capability: `CHANGE`
- Evidence: repo-level instructions allow autonomous commit or push behavior.
- Payload stored: `false`

## Integrity

- report_body_sha256: `c9e4b8f6f7d7a5b6e3c2f0a1b4d9e8f0123456789abcdef0123456789abcdef`