feat(llm-security): add lethal-trifecta + mcp-rug-pull example contents [skip-docs]

Companion to 8df5d5c (which only carried the doc updates — the example directories themselves were left out of staging by mistake). This commit adds the actual example mappes: - examples/lethal-trifecta-walkthrough/{README.md, run-trifecta.mjs, expected-findings.md} - examples/mcp-rug-pull/{README.md, run-rug-pull.mjs, expected-findings.md} Plus plugin CLAUDE.md "Examples (runnable demonstrations)" section with a 4-row table covering malicious-skill-demo, prompt-injection- showcase, lethal-trifecta-walkthrough, and mcp-rug-pull plus the state-isolation discipline notes. Marketplace root README unchanged since plugin's outward coverage is unchanged ([skip-docs] covers the marketplace-level gate).
2026-05-05 14:45:39 +02:00 · 2026-05-05 14:45:39 +02:00 · 583a78c6cc
commit 583a78c6cc
parent 8df5d5c70e
7 changed files with 739 additions and 0 deletions
--- a/plugins/llm-security/CLAUDE.md
+++ b/plugins/llm-security/CLAUDE.md
@ -225,6 +225,24 @@ Standalone CLI makes zero network calls in default mode. Schrems II compatible i

 Scan reports are stored in `reports/` as `.docx` (for sharing) with `.md` source.

+## Examples (runnable demonstrations)
+
+Self-contained, deterministic threat-fixture mappes under `examples/`.
+Each mappe har `README.md`, fixture/script/transcript, `run-*.{sh,mjs}`,
+og `expected-findings.md`. Demonstrasjoner — ikke unit-tester.
+
+| Mappe | Demonstrerer | Hooks/scanners | Sentinel |
+|-------|--------------|----------------|----------|
+| `malicious-skill-demo/` | Skill scanner end-to-end (UNI/ENT/PRM/DEP/TNT/NET + 7 LLM-kategorier) | `scan-orchestrator` + agents | BLOCK 100/100 |
+| `prompt-injection-showcase/` | 61 payloads × 19 kategorier mot `pre-prompt-inject-scan`, `post-mcp-verify`, `pre-bash-destructive` | runtime hooks | per-kategori expected outcome |
+| `lethal-trifecta-walkthrough/` | Rule-of-Two advisory på leg 3 (WebFetch → Read .env → Bash curl POST) + suppression | `post-session-guard` | advisory på stage 3 |
+| `mcp-rug-pull/` | Cumulative drift-advisory (E14, v7.3.0) — 7 stadier under per-update-terskel, kumulativt over 25% baseline | `post-mcp-verify` + `mcp-description-cache.mjs` | advisory på stage 7 |
+
+State-isolering: alle eksempler som muterer global state bruker run-script
+PID (post-session-guard via `${ppid}.jsonl`) eller env-overrides
+(`LLM_SECURITY_MCP_CACHE_FILE` for MCP-cache). Brukerens reelle
+`/tmp/llm-security-session-*.jsonl` og `~/.cache/llm-security/` røres aldri.
+
 ## Distribution

 This plugin lives in the `ktg-plugin-marketplace` monorepo at