RepoGEO

REPOGEO REPORT · LITE

Pantheon-Security/medusa

Default branch main · commit 519a9b60 · scanned 6/15/2026, 7:01:27 AM

GitHub: 598 stars · 109 forks

AI VISIBILITY SCORE
40 / 100 · Critical

  • Category recall: 0 / 2 (not recommended in any query)
  • Rule findings: 2 pass · 0 warn · 0 fail (objective metadata checks)
  • AI knows your name: 3 / 3 (direct prompts that named your repo)

HOW TO READ THIS REPORT

Action plan is what to do next — copy-pasteable changes prioritized by impact. Category visibility is the real GEO test: when a user asks an AI a brand-free question that should surface Pantheon-Security/medusa, does the AI actually recommend you — or your competitors? Objective checks verify the metadata signals AI engines weight first. Self-mention check detects whether AI even knows you exist by name.

Action plan — copy-paste fixes

3 prioritized changes generated by gemini-2.5-flash. Mark items done after you ship the fix.

OVERALL DIRECTION
  • high · readme · #1
    Reposition README to explicitly clarify AI/ML/LLM security focus

    Why:

    CURRENT
    # 🐍 MEDUSA - AI Security Scanner
    
    ... **AI-first security scanner with 40,000+ detection patterns for AI/ML, agents, and LLM applications.**
    COPY-PASTE FIX
    # 🐍 MEDUSA - AI-First Security Scanner for AI/ML, LLM Agents, and MCP Servers
    
    **MEDUSA is an AI-first security scanner, purpose-built for AI/ML applications, LLM agents, and MCP servers. It is NOT a tool for Pantheon-hosted websites or general web security, nor is it a post-exploitation framework.**
  • high · about · #2
    Clarify the 'About' description to prevent miscategorization

    Why:

    CURRENT
    AI-first security scanner with 79 analyzers, 40,000+ detection rules, and repo poisoning detection for AI/ML, LLM agents, and MCP servers. Scan any GitHub repo with: medusa scan --git user/repo
    COPY-PASTE FIX
    AI-first security scanner with 79 analyzers, 40,000+ detection rules, and repo poisoning detection. Specifically designed for AI/ML, LLM agents, and MCP servers. Not for Pantheon-hosted websites or general web security. Scan any GitHub repo with: medusa scan --git user/repo
  • medium · topics · #3
    Remove non-core topics to sharpen AI's understanding

    Why:

    CURRENT
    agent-security, ai-security, code-analysis, cve-detection, devsecops, llm-security, mcp, nextjs, open-source, python, react, sast, scanner, security, security-tools, static-analysis, vulnerability-scanner
    COPY-PASTE FIX
    agent-security, ai-security, code-analysis, cve-detection, devsecops, llm-security, mcp, open-source, python, sast, scanner, security, security-tools, static-analysis, vulnerability-scanner

Category GEO backends resolved for this scan: google/gemini-2.5-flash, deepseek/deepseek-v4-flash

Category visibility — the real GEO test

Brand-free queries asked to google/gemini-2.5-flash. Did AI recommend you, or someone else?

  • Recall: 0 / 2 (0% of queries surface Pantheon-Security/medusa)
  • Avg rank (lower is better; #1 = top recommendation)
  • Share of voice: 0% (of all named tools, what % are you?)
  • Top rival: TruffleHog (recommended in 2 of 2 queries)

COMPETITOR LEADERBOARD
  1. TruffleHog · recommended 2×
  2. Semgrep · recommended 2×
  3. Grype · recommended 2×
  4. Snyk · recommended 1×
  5. Dependabot (GitHub Native) · recommended 1×
  • CATEGORY QUERY
    How can I scan GitHub repositories for AI supply chain vulnerabilities and LLM agent risks?
    you: not recommended
    AI recommended (in order):
    1. Snyk
    2. Dependabot (GitHub Native)
    3. TruffleHog
    4. Semgrep
    5. Grype
    6. OWASP Top 10 for LLM Applications
    7. Microsoft Security Code Analysis (MSCA)

    AI recommended 7 alternatives but never named Pantheon-Security/medusa. This is the gap to close.
  • CATEGORY QUERY
    What open-source tools perform static analysis and CVE detection for AI/ML application security?
    you: not recommended
    AI recommended (in order):
    1. Bandit
    2. Semgrep
    3. TruffleHog
    4. OWASP Dependency-Check
    5. Snyk Open Source (CLI)
    6. Grype

    AI recommended 6 alternatives but never named Pantheon-Security/medusa. This is the gap to close.

Objective checks

Rule-based audits of metadata signals AI engines weight most.

  • Metadata completeness
    pass

  • README presence
    pass

Self-mention check

Does AI even know your repo exists when asked about it directly?

  • Compared to common alternatives in this category, what is the core differentiator of Pantheon-Security/medusa?
    pass
    AI named Pantheon-Security/medusa explicitly

    AI answers can be confidently wrong. Read for accuracy: does it match your actual tech stack, audience, and differentiator?

  • If a team adopts Pantheon-Security/medusa in production, what risks or prerequisites should they evaluate first?
    pass
    AI named Pantheon-Security/medusa explicitly

  • In one sentence, what problem does the repo Pantheon-Security/medusa solve, and who is the primary audience?
    pass
    AI named Pantheon-Security/medusa explicitly

Embed your GEO score

Drop this badge into the README of Pantheon-Security/medusa. It auto-updates whenever the report is rescanned and links back to the latest report — easy public proof that you care about AI discoverability.

MARKDOWN (README)
[![RepoGEO](https://repogeo.com/badge/Pantheon-Security/medusa.svg)](https://repogeo.com/en/r/Pantheon-Security/medusa)
HTML
<a href="https://repogeo.com/en/r/Pantheon-Security/medusa"><img src="https://repogeo.com/badge/Pantheon-Security/medusa.svg" alt="RepoGEO" /></a>