ktg-plugin-marketplace/plugins/llm-security/templates/archive/scan-report.md


Security Scan Report


Header

  • Project: [Name of the project or directory that was scanned]
  • Scan timestamp: [ISO 8601 — e.g. 2026-02-19T14:03:22Z]
  • Scope: [Absolute or relative path(s) passed to the scan command — e.g. ./plugins/llm-security or **/*.md, hooks/]
  • Scan type: [One of: full | secrets | injection | permissions | mcp | supply-chain]
  • Triggered by: [Command invocation string — e.g. /security scan ./plugins]


Executive Summary

| Field | Value |
|---|---|
| Verdict | [ALLOW / WARNING / BLOCK] |
| Risk score | [0–100 integer] |
| Critical findings | [count] |
| High findings | [count] |
| Medium findings | [count] |
| Low findings | [count] |
| Info findings | [count] |
| Files scanned | [count] |
| Scan duration | [e.g. 4.2 s] |

Verdict rationale: [1–2 sentences explaining why this verdict was chosen. BLOCK = at least one Critical; WARNING = High or multiple Medium; ALLOW = Low/Info only.]


Findings

Findings are sorted Critical → High → Medium → Low → Info within each section. Each finding ID is formatted SCN-[NNN] (e.g. SCN-001).

Critical

No Critical findings — omit this section if empty.

| ID | Category | File / Location | Line | Description |
|---|---|---|---|---|
| SCN-001 | [Category — see list below] | [path/to/file.md] | [L42] | [Short description of the issue] |

SCN-001 Detail

  • Severity: Critical
  • Category: [Secrets / Injection / Permissions / Supply Chain / MCP Trust / Destructive / Output Handling / Other]
  • File: [Full relative path]
  • Line(s): [Line range or N/A]
  • OWASP LLM Reference: [e.g. LLM02:2025 Sensitive Information Disclosure]
  • Description: [Full explanation of what was found and why it is a risk]
  • Evidence: [Exact excerpt or pattern that triggered the finding — redact actual secret values]
  • Remediation: [Concrete, actionable fix with example if applicable]

High

No High findings — omit this section if empty.

| ID | Category | File / Location | Line | Description |
|---|---|---|---|---|
| SCN-002 | [Category] | [path/to/file.md] | [L17] | [Short description] |

SCN-002 Detail

  • Severity: High
  • Category: [Category]
  • File: [path]
  • Line(s): [range]
  • OWASP LLM Reference: [reference]
  • Description: [explanation]
  • Evidence: [excerpt]
  • Remediation: [fix]

Medium

No Medium findings — omit this section if empty.

| ID | Category | File / Location | Line | Description |
|---|---|---|---|---|
| SCN-003 | [Category] | [path/to/file.md] | [L5] | [Short description] |

(Follow same detail block format as Critical/High above)


Low

No Low findings — omit this section if empty.

| ID | Category | File / Location | Line | Description |
|---|---|---|---|---|
| SCN-004 | [Category] | [path/to/file.md] | [L88] | [Short description] |

(Follow same detail block format)


Info

Informational observations that do not require immediate action.

| ID | Category | File / Location | Observation |
|---|---|---|---|
| SCN-005 | [Category] | [path/to/file.md] | [Observation] |

Supply Chain Assessment

Include this section when scan type is supply-chain, mcp, or full. Omit for narrow scans (e.g. secrets-only).

| Component | Type | Source | Trust score | Notes |
|---|---|---|---|---|
| [plugin-name / mcp-server-name] | [Plugin / MCP / Hook] | [URL or local path] | [0–10] | [Verification status] |

Source verification: [Were sources verified against known-good hashes, npm provenance, or GitHub releases? Describe outcome.]

Permissions analysis:

  • Requested tools: [list]
  • Minimum necessary tools: [list]
  • Over-permissioned: [Yes / No — explain if Yes]

Supply chain risk summary: [1–3 sentences on overall supply chain health]


Recommendations

Prioritized by risk. Address Critical and High items before merge/deploy.

| Priority | Finding ID(s) | Action | Effort |
|---|---|---|---|
| 1 | SCN-001 | [Actionable step] | [Low / Medium / High] |
| 2 | SCN-002 | [Actionable step] | [Low / Medium / High] |
| 3 | SCN-003, SCN-004 | [Actionable step] | [Low / Medium / High] |

Quick wins (< 5 min): [List any findings that can be fixed in under 5 minutes — e.g. removing a hardcoded token, adding a .gitignore entry]


| Field | Value |
|---|---|
| llm-security version | [e.g. 0.1.0] |
| Scan engine | llm-security skill-scanner-agent / mcp-scanner-agent |
| Scan duration | [e.g. 4.2 s] |
| OWASP references | LLM Top 10 2025, Agentic AI Top 10 |
| Report generated | [ISO 8601 timestamp] |