Add Inkog — AI agent security scanner

[cloakmaster]

Adds Inkog to the tools list.

Inkog is an open-source static analysis tool for AI agent code. It detects behavioral vulnerabilities (prompt injection, infinite loops, token bombing, SQL injection via LLM) across 11 framework adapters (LangChain, CrewAI, pydantic-ai, etc.). It can also audit MCP servers and maps findings to EU AI Act, OWASP LLM Top 10, and NIST AI RMF.

• Source: https://github.com/inkog-io/inkog
• License: Apache-2.0
• Type: CLI

[cloakmaster]

Hi maintainers — the pr-check job is failing due to a permissions issue in the workflow, not a content issue with the submission.

From the job log:

Checking 'Inkog'...
Error: POST https://api.github.com/repos/analysis-tools-dev/static-analysis/issues/1800/comments returned 403 Forbidden: {"message":"Resource not accessible by integration"}

The pr-check binary successfully evaluated the tool and then tried to post its result comment, but external-fork PRs get a read-only GITHUB_TOKEN, so the POST /issues/{id}/comments call fails with 403. The non-zero exit is from that failed comment post, not from a failed criterion.

For reference, inkog-io/inkog meets all three criteria:

• Stars: 32 (≥ 20)
• Contributors: 2 (≥ 2)
• Age: ~167 days as of today (≥ 90)

Two possible fixes on your side:

1. Re-run pr-check via workflow_dispatch on the main repo (which has write permissions), or
2. Adjust the workflow so pr-check skips the comment-post step on external forks (it already exits 0 on success when criteria pass).

Happy to open a small PR for option 2 if that'd help. Thanks for maintaining this list!