AgentFlow: Building Agent Dependency Graphs for Static Analysis of Agent Programs

📅 2026-07-01
📈 Citations: 0
Influential: 0
📄 PDF
🤖 AI Summary
Existing static analysis tools struggle to capture novel dependencies introduced by frameworks in large language model (LLM) agent programs—such as those stemming from prompts, tools, memory, and multi-agent orchestration. This work proposes AgentFlow, the first static analysis framework tailored for agent programs, which formalizes a framework-agnostic Agent Dependency Graph (ADG) to uniformly model inter-component dependencies, control flow, and data flow by abstracting semantic elements into typed nodes and edges. Leveraging static analysis, AST parsing, and framework-specific semantic modeling, AgentFlow implements an extensible ADG construction engine adaptable to mainstream agent frameworks. Evaluated on AgentZoo—a dataset of 5,399 real-world agent programs—AgentFlow substantially improves entity and dependency identification, generates high-fidelity software bills of materials, and uncovers 238 instances of taint propagation risks from prompts to tools.
📝 Abstract
LLM agents are increasingly developed as source-code applications built on agent frameworks. These agent programs combine conventional host-language code with framework-defined semantics for models, prompts, tools, memory, and multi-agent orchestration logic. As a result, their behavior depends not only on traditional control and data flows, but also on a new class of agent dependencies. Such dependencies are often expressed as framework-induced semantics, such as agent constructors, tool decorators, and agent handoff declarations, making them difficult to recover with existing static analysis or dependency tracking tools. In this paper, we present AgentFlow, the first static analysis framework for recovering and analyzing agent dependencies from agent programs. AgentFlow constructs an Agent Dependency Graph (ADG), a framework-agnostic graph representation that represents agents, prompts, models, capabilities, memory states, and control policies as typed nodes, and captures their component-dependency, control-flow, and data-flow dependencies as typed edges. Built on ADGs, AgentFlow supports a range of analyses for agent governance and security, including Agent Bill of Materials (BOM) generation and prompt-to-tool risk detection. We implement AgentFlow for five representative agent frameworks and evaluate it on AgentZoo, a corpus of 5,399 real-world agent programs. Our evaluation shows that AgentFlow recovers richer agent entities and dependencies than existing AST-based agent static analysis tools, generates more dependency-aware Agent BOMs, and uncovers 238 taint-style prompt-to-tool risks in real-world agent programs. These results show that ADG provides a practical foundation for understanding, governing, and securing emerging agent software.
Problem

Research questions and friction points this paper is trying to address.

agent dependency
static analysis
LLM agents
dependency tracking
agent frameworks
Innovation

Methods, ideas, or system contributions that make the work stand out.

Agent Dependency Graph
Static Analysis
LLM Agents
Prompt-to-Tool Taint
Agent Bill of Materials