A Dev.to report using the open-source AgentGuard security scanner evaluates three widely used AI agent frameworks—LlamaIndex, Microsoft AutoGen, and CrewAI—and finds large numbers of issues across their codebases. In the scan, LlamaIndex is associated with the highest level of findings, including 252 critical issues out of 1,003 high and medium results, across 2,951 files. The report describes common problem categories such as unbounded recursive agent execution, data exfiltration paths, and trust boundary violations. For Microsoft AutoGen, the scan identifies 80 critical issues, with highlighted concerns including Docker sandbox escaping risk due to host filesystem mounts, credential exposure in replay logs, and unsafe prompt trust patterns between an MCP host and server prompts. A second Dev.to post also states that the author opened three GitHub issues in the AutoGen and LlamaIndex repositories corresponding to container escape, self-modification behavior, and recursive execution concerns. CrewAI is reported to have fewer critical findings, with 391 medium findings and no critical or high issues reported. Across the articles, the author attributes the issues to recurring architectural gaps in trust boundaries, recursion/loop controls, and agent self-modification constraints.