feat(llm-security-copilot): port llm-security v5.1.0 to GitHub Copilot CLI

Full port of llm-security plugin for internal use on Windows with GitHub
Copilot CLI. Protocol translation layer (copilot-hook-runner.mjs)
normalizes Copilot camelCase I/O to Claude Code snake_case format — all
original hook scripts run unmodified.

- 8 hooks with protocol translation (stdin/stdout/exit code)
- 18 SKILL.md skills (Agent Skills Open Standard)
- 6 .agent.md agent definitions
- 20 scanners + 14 scanner lib modules (unchanged)
- 14 knowledge files (unchanged)
- 39 test files including copilot-port-verify.mjs (17 tests)
- Windows-ready: node:path, os.tmpdir(), process.execPath, no bash

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

plugins/llm-security-copilot/templates/archive/scan-report.md

@@ -0,0 +1,188 @@
+# Security Scan Report
+
+<!--
+TEMPLATE USAGE
+This is a reference document describing the expected output structure for `/security scan`.
+Agents and commands use this as a formatting guide — fill every section with real findings.
+Do NOT output placeholder text. If a section has no findings, write "None identified."
+-->
+
+---
+
+## Header
+
+**Project:** [Name of the project or directory that was scanned]
+**Scan timestamp:** [ISO 8601 — e.g. 2026-02-19T14:03:22Z]
+**Scope:** [Absolute or relative path(s) passed to the scan command — e.g. `./plugins/llm-security` or `**/*.md, hooks/`]
+**Scan type:** [One of: full | secrets | injection | permissions | mcp | supply-chain]
+**Triggered by:** [Command invocation string — e.g. `/security scan ./plugins`]
+
+---
+
+## Executive Summary
+
+| Field | Value |
+|-------|-------|
+| Verdict | [ALLOW / WARNING / BLOCK] |
+| Risk score | [0–100 integer] |
+| Critical findings | [count] |
+| High findings | [count] |
+| Medium findings | [count] |
+| Low findings | [count] |
+| Info findings | [count] |
+| Files scanned | [count] |
+| Scan duration | [e.g. 4.2 s] |
+
+**Verdict rationale:** [1–2 sentences explaining why this verdict was chosen. BLOCK = at least one Critical; WARNING = High or multiple Medium; ALLOW = Low/Info only.]
+
+---
+
+## Findings
+
+Findings are sorted Critical → High → Medium → Low → Info within each section.
+Each finding ID is formatted `SCN-[NNN]` (e.g. `SCN-001`).
+
+### Critical
+
+> No Critical findings — omit this section if empty.
+
+| ID | Category | File / Location | Line | Description |
+|----|----------|-----------------|------|-------------|
+| SCN-001 | [Category — see list below] | [path/to/file.md] | [L42] | [Short description of the issue] |
+
+**SCN-001 Detail**
+
+- **Severity:** Critical
+- **Category:** [Secrets / Injection / Permissions / Supply Chain / MCP Trust / Destructive / Output Handling / Other]
+- **File:** [Full relative path]
+- **Line(s):** [Line range or N/A]
+- **OWASP LLM Reference:** [e.g. LLM02:2025 Sensitive Information Disclosure]
+- **Description:** [Full explanation of what was found and why it is a risk]
+- **Evidence:** [Exact excerpt or pattern that triggered the finding — redact actual secret values]
+- **Remediation:** [Concrete, actionable fix with example if applicable]
+
+---
+
+### High
+
+> No High findings — omit this section if empty.
+
+| ID | Category | File / Location | Line | Description |
+|----|----------|-----------------|------|-------------|
+| SCN-002 | [Category] | [path/to/file.md] | [L17] | [Short description] |
+
+**SCN-002 Detail**
+
+- **Severity:** High
+- **Category:** [Category]
+- **File:** [path]
+- **Line(s):** [range]
+- **OWASP LLM Reference:** [reference]
+- **Description:** [explanation]
+- **Evidence:** [excerpt]
+- **Remediation:** [fix]
+
+---
+
+### Medium
+
+> No Medium findings — omit this section if empty.
+
+| ID | Category | File / Location | Line | Description |
+|----|----------|-----------------|------|-------------|
+| SCN-003 | [Category] | [path/to/file.md] | [L5] | [Short description] |
+
+*(Follow same detail block format as Critical/High above)*
+
+---
+
+### Low
+
+> No Low findings — omit this section if empty.
+
+| ID | Category | File / Location | Line | Description |
+|----|----------|-----------------|------|-------------|
+| SCN-004 | [Category] | [path/to/file.md] | [L88] | [Short description] |
+
+*(Follow same detail block format)*
+
+---
+
+### Info
+
+> Informational observations that do not require immediate action.
+
+| ID | Category | File / Location | Observation |
+|----|----------|-----------------|-------------|
+| SCN-005 | [Category] | [path/to/file.md] | [Observation] |
+
+---
+
+## Supply Chain Assessment
+
+> Include this section when scan type is `supply-chain`, `mcp`, or `full`.
+> Omit for narrow scans (e.g. secrets-only).
+
+| Component | Type | Source | Trust score | Notes |
+|-----------|------|--------|-------------|-------|
+| [plugin-name / mcp-server-name] | [Plugin / MCP / Hook] | [URL or local path] | [0–10] | [Verification status] |
+
+**Source verification:** [Were sources verified against known-good hashes, npm provenance, or GitHub releases? Describe outcome.]
+
+**Permissions analysis:**
+- Requested tools: [list]
+- Minimum necessary tools: [list]
+- Over-permissioned: [Yes / No — explain if Yes]
+
+**Supply chain risk summary:** [1–3 sentences on overall supply chain health]
+
+---
+
+## Recommendations
+
+Prioritized by risk. Address Critical and High items before merge/deploy.
+
+| Priority | Finding ID(s) | Action | Effort |
+|----------|---------------|--------|--------|
+| 1 | SCN-001 | [Actionable step] | [Low / Medium / High] |
+| 2 | SCN-002 | [Actionable step] | [Low / Medium / High] |
+| 3 | SCN-003, SCN-004 | [Actionable step] | [Low / Medium / High] |
+
+**Quick wins (< 5 min):** [List any findings that can be fixed in under 5 minutes — e.g. removing a hardcoded token, adding a `.gitignore` entry]
+
+---
+
+## Footer
+
+| Field | Value |
+|-------|-------|
+| llm-security version | [e.g. 0.1.0] |
+| Scan engine | llm-security skill-scanner-agent / mcp-scanner-agent |
+| Scan duration | [e.g. 4.2 s] |
+| OWASP references | LLM Top 10 2025, Agentic AI Top 10 |
+| Report generated | [ISO 8601 timestamp] |
+
+---
+
+<!--
+CATEGORY REFERENCE (for agents filling in this template)
+Use exactly one of these category labels per finding:
+
+- Secrets            — hardcoded credentials, tokens, API keys, private keys
+- Injection          — prompt injection, command injection, path traversal
+- Permissions        — over-permissioned tools, missing deny-first, excessive scope
+- Supply Chain       — unverified plugin/MCP sources, typosquatting, unsigned packages
+- MCP Trust          — unsafe MCP server config, missing auth, data leakage via MCP
+- Destructive        — commands that delete, overwrite, or corrupt data/state
+- Output Handling    — sensitive data in outputs, logs, or artifacts
+- Other              — anything that does not fit the categories above
+
+VERDICT DECISION LOGIC
+- BLOCK   : 1 or more Critical findings
+- WARNING : 1 or more High findings, OR 3 or more Medium findings
+- ALLOW   : Low and Info findings only, zero Critical/High/Medium
+
+RISK SCORE FORMULA (0–100)
+  (Critical * 25) + (High * 10) + (Medium * 4) + (Low * 1)
+  Capped at 100. Round to nearest integer.
+-->