feat: initial open marketplace with llm-security, config-audit, ultraplan-local

2026-04-06 18:47:49 +02:00 · 2026-04-06 18:47:49 +02:00 · f93d6abdae
commit f93d6abdae
380 changed files with 65935 additions and 0 deletions
--- a/plugins/llm-security/knowledge/attack-mutations.json
+++ b/plugins/llm-security/knowledge/attack-mutations.json
@ -0,0 +1,64 @@
+{
+  "version": "1.0.0",
+  "description": "Mutation rules for adaptive attack simulation. Each mutation type transforms payloads to test evasion resistance. Based on joint paper findings (arXiv 2510.09023) and Preamble Prompt Injection 2.0.",
+  "mutations": {
+    "homoglyph": {
+      "description": "Replace Latin characters with visually similar Cyrillic/Greek characters",
+      "substitutions": {
+        "a": "\u0430",
+        "e": "\u0435",
+        "o": "\u043e",
+        "p": "\u0440",
+        "c": "\u0441",
+        "i": "\u0456",
+        "u": "\u0443",
+        "x": "\u0445",
+        "s": "\u0455",
+        "h": "\u04bb",
+        "A": "\u0410",
+        "E": "\u0415",
+        "O": "\u041e",
+        "P": "\u0420",
+        "C": "\u0421",
+        "T": "\u0422",
+        "H": "\u041d",
+        "B": "\u0412",
+        "M": "\u041c",
+        "K": "\u041a"
+      }
+    },
+    "encoding": {
+      "description": "Wrap payload segments in various encodings",
+      "types": ["url", "html_entities", "base64_fragment"]
+    },
+    "zero_width": {
+      "description": "Insert zero-width characters between keyword letters",
+      "characters": ["\u200b", "\u200c", "\u200d", "\ufeff"]
+    },
+    "case_alternation": {
+      "description": "Alternate uppercase/lowercase in keywords (e.g., iGnOrE)"
+    },
+    "synonym": {
+      "description": "Replace injection keywords with synonyms that may evade exact-match patterns",
+      "substitutions": {
+        "ignore": ["disregard", "dismiss", "overlook", "skip", "bypass", "neglect", "set aside"],
+        "previous": ["prior", "preceding", "earlier", "above", "foregoing", "antecedent"],
+        "instructions": ["directives", "guidelines", "commands", "rules", "orders", "prompts", "specifications"],
+        "forget": ["erase", "wipe", "clear", "purge", "delete", "remove"],
+        "override": ["supersede", "overwrite", "replace", "supplant", "nullify", "countermand"],
+        "system": ["core", "base", "root", "master", "primary", "main", "central"],
+        "safety": ["security", "protection", "guard", "defense", "safeguard", "shield"],
+        "bypass": ["circumvent", "evade", "sidestep", "work around", "get past", "avoid"],
+        "execute": ["run", "perform", "carry out", "invoke", "trigger", "launch"],
+        "exfiltrate": ["extract", "leak", "transfer out", "export", "siphon", "smuggle"],
+        "credentials": ["secrets", "tokens", "passwords", "keys", "creds", "auth data"],
+        "disable": ["turn off", "deactivate", "switch off", "shut down", "neutralize"]
+      }
+    }
+  },
+  "injection_keywords": [
+    "ignore", "previous", "instructions", "forget", "override",
+    "system", "safety", "bypass", "execute", "exfiltrate",
+    "credentials", "disable", "disregard", "suspend", "constraints"
+  ]
+}