# Deep Scan Report — {{TARGET}}

**Date:** {{TIMESTAMP}}
**Node.js:** {{NODE_VERSION}}
**Duration:** {{TOTAL_DURATION_MS}}ms

---

## Verdict: {{VERDICT}}

**Risk Score:** {{RISK_SCORE}}/100
**Total Findings:** {{TOTAL_FINDINGS}} ({{CRITICAL}}C {{HIGH}}H {{MEDIUM}}M {{LOW}}L {{INFO}}I)
**Scanners:** {{SCANNERS_OK}} ok, {{SCANNERS_ERROR}} error, {{SCANNERS_SKIPPED}} skipped

### Verdict Logic

| Condition | Threshold | Result |
|-----------|-----------|--------|
| Any CRITICAL or >=3 HIGH | Hard block | **BLOCK** |
| Any HIGH or >=5 MEDIUM | Review required | **WARNING** |
| Otherwise | Clean | **ALLOW** |

---

## Executive Summary

<!-- Synthesizer agent: Write 3-5 sentences summarizing the key security posture.
     Focus on: what types of issues dominate, which scanners found the most,
     whether findings suggest intentional malice vs. poor hygiene. -->

{{EXECUTIVE_SUMMARY}}

---

## Scanner Results

### 1. Unicode Analysis (UNI)

**Status:** {{UNI_STATUS}} | **Files:** {{UNI_FILES}} | **Findings:** {{UNI_FINDINGS}} | **Time:** {{UNI_DURATION}}ms

Detects hidden Unicode characters used for prompt injection and code obfuscation:
zero-width chars, Unicode Tag steganography, BIDI overrides (Trojan Source), homoglyphs.

<!-- List UNI findings here, grouped by severity -->

{{UNI_DETAILS}}

### 2. Entropy Analysis (ENT)

**Status:** {{ENT_STATUS}} | **Files:** {{ENT_FILES}} | **Findings:** {{ENT_FINDINGS}} | **Time:** {{ENT_DURATION}}ms

Detects encoded payloads via Shannon entropy: base64 blobs, hex-encoded data,
encrypted content, hardcoded secrets with high randomness.

<!-- List ENT findings here. Note: high false-positive rate on knowledge files is expected. -->

{{ENT_DETAILS}}

### 3. Permission Mapping (PRM)

**Status:** {{PRM_STATUS}} | **Files:** {{PRM_FILES}} | **Findings:** {{PRM_FINDINGS}} | **Time:** {{PRM_DURATION}}ms

Claude Code plugin analysis: purpose-vs-tools mismatches, dangerous tool combinations,
ghost hooks, haiku on sensitive agents, overprivileged components.

<!-- List PRM findings here -->

{{PRM_DETAILS}}

### 4. Dependency Audit (DEP)

**Status:** {{DEP_STATUS}} | **Files:** {{DEP_FILES}} | **Findings:** {{DEP_FINDINGS}} | **Time:** {{DEP_DURATION}}ms

CVE detection (npm/pip audit), typosquatting (Levenshtein vs top packages),
malicious install scripts, unpinned versions.

<!-- List DEP findings here, or note "skipped" if no package manager files -->

{{DEP_DETAILS}}

### 5. Taint Tracing (TNT)

**Status:** {{TNT_STATUS}} | **Files:** {{TNT_FILES}} | **Findings:** {{TNT_FINDINGS}} | **Time:** {{TNT_DURATION}}ms

Data flow analysis from untrusted sources (env vars, request bodies, tool input)
to dangerous sinks (eval, exec, fetch, writeFile). Regex-based, ~70% recall.

<!-- List TNT findings here -->

{{TNT_DETAILS}}

### 6. Git Forensics (GIT)

**Status:** {{GIT_STATUS}} | **Files:** {{GIT_FILES}} | **Findings:** {{GIT_FINDINGS}} | **Time:** {{GIT_DURATION}}ms

Supply chain rug pull signals: force pushes, description drift, hook modifications,
new outbound URLs, author changes, binary additions, suspicious commit patterns.

<!-- List GIT findings here, or note "skipped" if not a git repo -->

{{GIT_DETAILS}}

### 7. Network Mapping (NET)

**Status:** {{NET_STATUS}} | **Files:** {{NET_FILES}} | **Findings:** {{NET_FINDINGS}} | **Time:** {{NET_DURATION}}ms

Outbound URL discovery and classification: trusted (allow-listed), suspicious
(exfiltration endpoints, tunneling services), IP-based, unknown domains.

<!-- List NET findings here -->

{{NET_DETAILS}}

---

## Risk Matrix

| Scanner | CRITICAL | HIGH | MEDIUM | LOW | INFO |
|---------|----------|------|--------|-----|------|
| Unicode (UNI) | {{UNI_C}} | {{UNI_H}} | {{UNI_M}} | {{UNI_L}} | {{UNI_I}} |
| Entropy (ENT) | {{ENT_C}} | {{ENT_H}} | {{ENT_M}} | {{ENT_L}} | {{ENT_I}} |
| Permission (PRM) | {{PRM_C}} | {{PRM_H}} | {{PRM_M}} | {{PRM_L}} | {{PRM_I}} |
| Dependency (DEP) | {{DEP_C}} | {{DEP_H}} | {{DEP_M}} | {{DEP_L}} | {{DEP_I}} |
| Taint (TNT) | {{TNT_C}} | {{TNT_H}} | {{TNT_M}} | {{TNT_L}} | {{TNT_I}} |
| Git (GIT) | {{GIT_C}} | {{GIT_H}} | {{GIT_M}} | {{GIT_L}} | {{GIT_I}} |
| Network (NET) | {{NET_C}} | {{NET_H}} | {{NET_M}} | {{NET_L}} | {{NET_I}} |
| **TOTAL** | **{{CRITICAL}}** | **{{HIGH}}** | **{{MEDIUM}}** | **{{LOW}}** | **{{INFO}}** |

---

## OWASP Coverage

| OWASP Category | Findings | Scanners |
|----------------|----------|----------|
| LLM01 — Prompt Injection | {{LLM01_COUNT}} | UNI, ENT, TNT |
| LLM02 — Sensitive Info Disclosure | {{LLM02_COUNT}} | TNT, NET |
| LLM03 — Supply Chain | {{LLM03_COUNT}} | ENT, DEP, GIT, NET |
| LLM06 — Excessive Agency | {{LLM06_COUNT}} | PRM |

---

## Recommendations

<!-- Synthesizer agent: Prioritized action items based on findings.
     Group by urgency: Immediate (CRITICAL/HIGH), Short-term (MEDIUM), Improve (LOW/INFO).
     Be specific — reference finding IDs and files. -->

### Immediate (CRITICAL + HIGH)

{{IMMEDIATE_ACTIONS}}

### Short-term (MEDIUM)

{{SHORTTERM_ACTIONS}}

### Improvements (LOW + INFO)

{{IMPROVEMENT_ACTIONS}}

---

## Methodology

This report was generated by 7 deterministic Node.js scanners (zero external dependencies).
Scanner results are factual and reproducible. The Executive Summary and Recommendations
sections are synthesized by an LLM agent interpreting the raw findings.

| Scanner | Algorithm | Limitations |
|---------|-----------|-------------|
| Unicode | Codepoint iteration, Tag decoding | None — deterministic |
| Entropy | Shannon H per string literal | FP on knowledge files, data URIs |
| Permission | Frontmatter parsing, cross-reference | Claude Code plugins only |
| Dependency | npm/pip audit, Levenshtein | Requires package manager CLI |
| Taint | Regex variable tracking, 3-pass | ~70% recall, no AST, no cross-file |
| Git | History analysis, reflog, diff | Max 500 commits, 15s timeout |
| Network | URL extraction, DNS resolution | Max 50 DNS lookups, 3s timeout |

---

*Generated by llm-security deep-scan v1.2.0*