# Clean — Auto + Semi-Auto + Manual Remediation

---

## Header

| Field | Value |
|-------|-------|
| **Report type** | clean |
| **Target** | ~/repos/dft-marketplace |
| **Date** | 2026-05-05 |
| **Mode** | dry-run |
| **Version** | llm-security v7.4.0 |
| **Scope** | scan + remediation buckets |
| **Triggered by** | `/security clean . --dry-run` |

---

## Risk Dashboard

| Metric | Value |
|--------|-------|
| **Risk Score** | 45/100 |
| **Risk Band** | High |
| **Grade** | C |
| **Verdict** | WARNING |

| Severity | Count |
|----------|------:|
| Critical | 1 |
| High | 3 |
| Medium | 4 |
| Low | 2 |
| Info | 3 |
| **Total** | **13** |

**Verdict rationale:** 13 findings classified by remediation tier. 4 auto-fixable, 5 semi-auto (require user confirmation), 3 manual (architecture-level), 1 suppressed (waiver registered).

---

## Remediation Summary

| Bucket | Count | Action |
|--------|------:|--------|
| Auto | 4 | Apply deterministic fixes (no user input) |
| Semi-auto | 5 | Generate proposals, confirm with user |
| Manual | 3 | Architecture-level — human decision required |
| Suppressed | 1 | Waiver registered in `.llm-security-ignore` |
| **Total** | **13** | |

---

## Findings

### Critical

| ID | Category | File | Line | Description | OWASP |
|----|----------|------|------|-------------|-------|
| CLN-001 | Secrets | agents/data-analyst.md | 47 | Hardcoded API key | LLM02 |

### High

| ID | Category | File | Line | Description | OWASP |
|----|----------|------|------|-------------|-------|
| CLN-002 | Excessive Agency | agents/web-helper.md | 3 | Lethal trifecta tool combination | ASI01 |
| CLN-003 | Permissions | .claude/settings.json | 5 | Wildcard `Bash(*)` permission | ASI04 |
| CLN-004 | Injection | commands/research.md | 22 | Indirect-injection vector | LLM01 |

### Medium

| ID | Category | File | Line | Description | OWASP |
|----|----------|------|------|-------------|-------|
| CLN-005 | MCP Trust | .mcp.json | 12 | Hidden imperative in MCP description | MCP05 |
| CLN-006 | Documentation | LICENSE | — | License file missing | — |
| CLN-007 | Documentation | SECURITY.md | — | Disclosure policy missing | — |
| CLN-008 | Output Handling | agents/notes.md | 89 | Markdown link-title injection sink | LLM01 |

### Low

| ID | Category | File | Line | Description | OWASP |
|----|----------|------|------|-------------|-------|
| CLN-009 | Documentation | README.md | 88 | Suspicious URL in example | — |
| CLN-010 | Documentation | CHANGELOG.md | — | Missing changelog file | — |

### Info

| ID | Category | File | Line | Description | OWASP |
|----|----------|------|------|-------------|-------|
| CLN-011 | Documentation | CONTRIBUTING.md | — | Missing contributing guidelines | — |
| CLN-012 | Documentation | .gitignore | — | Missing `.env*` exclusion | — |
| CLN-013 | Documentation | LICENSE | — | License header in source files | — |

---

## Auto

| ID | Action | Description |
|----|--------|-------------|
| CLN-001 | replace-with-env-var | Replace hardcoded `sk-prod-...` with `${API_KEY}`, log replacement to `.llm-security-audit.jsonl` |
| CLN-006 | create-file | Create `LICENSE` file (MIT, default) |
| CLN-012 | append-line | Append `.env*` to `.gitignore` |
| CLN-013 | add-license-header | Add MIT license header to top of source files |

---

## Semi-auto

| ID | Action | Description |
|----|--------|-------------|
| CLN-003 | propose-allowlist | Propose explicit Bash allow-list based on actual usage patterns |
| CLN-004 | propose-trust-bus | Propose Trust-Bus wrapper around indirect-injection vector |
| CLN-005 | propose-rewrite | Propose rewritten MCP description without imperative pattern |
| CLN-007 | scaffold-template | Generate SECURITY.md template; user confirms ownership/SLA terms |
| CLN-008 | propose-sanitizer | Propose sanitizer for Markdown link-title sink |

---

## Manual

| ID | Action | Description |
|----|--------|-------------|
| CLN-002 | architectural-review | Lethal trifecta requires architecture-level decision: split agent OR add hook policy |
| CLN-009 | manual-edit | Suspicious URL in README example — requires editorial judgment |
| CLN-010 | manual-write | CHANGELOG.md content requires reviewing git history |

---

## Suppressed

| ID | Reason | Waiver |
|----|--------|--------|
| CLN-011 | Repo policy: solo project, no external contributions | `.llm-security-ignore` rule `category:documentation/contributing` |

---

## Recommendations

1. **Immediate:** Run with `--apply` to execute the 4 auto-fixes.
2. **High:** Walk through the 5 semi-auto proposals interactively (`--interactive`).
3. **Medium:** Schedule an architecture review for the 3 manual items (CLN-002, CLN-009, CLN-010).
4. **Low:** Review the suppressed item (CLN-011) annually to confirm the policy still applies.

---

*Clean dry-run complete. 13 findings: 4 auto, 5 semi-auto, 3 manual, 1 suppressed.*