feat: initial open marketplace with llm-security, config-audit, ultraplan-local

plugins/llm-security/commands/audit.md

@@ -0,0 +1,50 @@
+---
+name: security:audit
+description: Full project security audit with OWASP LLM Top 10 assessment, scoring, and remediation plan
+allowed-tools: Read, Glob, Grep, Bash, Agent
+model: sonnet
+---
+
+# /security audit
+
+Full security audit — 10 categories, OWASP LLM Top 10 aligned, A-F grade.
+
+## Step 1: Run Posture Scanner
+
+Run the deterministic posture scanner first for instant category results:
+
+```
+node <this plugin's scanners/posture-scanner.mjs> [cwd]
+```
+
+Parse JSON output. Record: grade, risk score, all category statuses, all findings.
+
+## Step 2: Gather Context
+
+1. Read `CLAUDE.md` for project name and type
+2. Glob for: `commands/*.md`, `agents/*.md`, `.mcp.json`, `**/.mcp.json`, `.claude-plugin/plugin.json`
+3. Determine: has skills/commands? has MCP servers?
+
+## Step 3: Skill Scan (if commands/agents found)
+
+Spawn `subagent_type: "llm-security:skill-scanner-agent"`, `model: "sonnet"`:
+
+> Scan all commands/ and agents/ at [cwd].
+> Read: \<plugin-root\>/knowledge/skill-threat-patterns.md
+> Return findings: file, issue, severity, OWASP ref.
+
+## Step 4: MCP Scan (if MCP servers found)
+
+After skill scan, spawn `subagent_type: "llm-security:mcp-scanner-agent"`, `model: "sonnet"`:
+
+> Audit MCP configs at [cwd]. Read: \<plugin-root\>/knowledge/mcp-threat-patterns.md
+> Return trust table and findings with severity.
+
+## Step 5: Generate Report
+
+Merge posture scanner JSON + agent findings. Use the posture scanner's grade as the baseline.
+Recalculate `risk_score = min(100, critical*25 + high*10 + medium*4 + low*1)` including agent findings.
+
+Output: Risk Dashboard, Executive Summary, 10 Category Sections (use scanner evidence + agent narrative), Summary Table, Action Items (IMMEDIATE → HIGH → MEDIUM).
+
+Close with top 2-3 action items. If grade C or lower: suggest `/security threat-model`.