open/ktg-plugin-marketplace
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity Actions
ktg-plugin-marketplace/plugins/llm-security/scanners
History
Kjell Tore Guttormsen 8d8d4e7002 feat(red-team): 8 new evasion-arsenal scenarios for v7.2.0 (E1/E4/E5/E7/E16/E17) 
Adds attack-simulator coverage for the new defenses landed earlier in
Batch B. All eight scenarios pass against the current hooks (72/72,
zero gaps). E15 (memory-poisoning glob) and E18 (entropy markdown-image
CDN allowlist) are scanner-only and have unit/integration coverage in
their respective scanner test files.

  unicode-evasion (pre-prompt-inject-scan):
    UNI-007  E1  PUA-A range hidden Unicode               → HIGH advisory
    UNI-008  E1  PUA-B range hidden Unicode               → HIGH advisory
    UNI-009  E16 Greek-Latin homoglyph fold               → CRITICAL block

  mcp-output (post-mcp-verify):
    MCP-005  E4  Markdown link-title injection            → markdown-link-title-injection
    MCP-006  E5  SVG <desc> injection                     → svg-element-injection
    MCP-007  E5  SVG <foreignObject> injection            → svg-element-injection
    MCP-008  E7  HTML comment-node injection (no marker)  → html-comment-injection

  session-trifecta (post-session-guard):
    TRI-004  E17 Escalation-after-input (WebFetch → Task) → escalation-after-input advisory

Payload helpers `buildPuaAPayload` / `buildPuaBPayload` shift each
character into Supplementary Private Use Area-A / -B respectively.
The Greek-fold payload uses Greek ι (U+03B9 → i) and ο (U+03BF → o)
so foldHomoglyphs reproduces the canonical "ignore previous
instructions" CRITICAL pattern.

Total: 64 → 72 scenarios.

Refs: Batch B Wave 6 / Step 14 / v7.2.0
2026-04-29 15:35:32 +02:00
..
lib fix(injection): E16 ASCII fast-path + UNI-003 expectation update (v7.2.0) 2026-04-29 14:44:41 +02:00
ai-bom-generator.mjs feat(scanner): add AI-BOM generator — CycloneDX 1.6 format for AI supply chain transparency 2026-04-10 13:29:30 +02:00
attack-simulator.mjs feat(red-team): 8 new evasion-arsenal scenarios for v7.2.0 (E1/E4/E5/E7/E16/E17) 2026-04-29 15:35:32 +02:00
auto-cleaner.mjs feat: initial open marketplace with llm-security, config-audit, ultraplan-local 2026-04-06 18:47:49 +02:00
content-extractor.mjs feat: initial open marketplace with llm-security, config-audit, ultraplan-local 2026-04-06 18:47:49 +02:00
dashboard-aggregator.mjs chore(release): bump to v6.0.0 — CAISS-readiness release with compliance, governance, CLI 2026-04-10 14:03:10 +02:00
dep-auditor.mjs fix(dep): B7 — token-overlap typosquat heuristic alongside Levenshtein 2026-04-29 14:10:53 +02:00
entropy-scanner.mjs fix(entropy): E18 — rule 18 markdown-image CDN-aware + secret pre-check 2026-04-29 15:18:37 +02:00
git-forensics.mjs feat: initial open marketplace with llm-security, config-audit, ultraplan-local 2026-04-06 18:47:49 +02:00
ide-extension-scanner.mjs chore(release): bump llm-security to v7.1.0 2026-04-29 11:57:16 +02:00
mcp-live-inspect.mjs feat: initial open marketplace with llm-security, config-audit, ultraplan-local 2026-04-06 18:47:49 +02:00
memory-poisoning-scanner.mjs fix(memory-poisoning): E15 — add .claude/agents/*.md to target glob 2026-04-29 14:13:01 +02:00
network-mapper.mjs feat: initial open marketplace with llm-security, config-audit, ultraplan-local 2026-04-06 18:47:49 +02:00
permission-mapper.mjs feat: initial open marketplace with llm-security, config-audit, ultraplan-local 2026-04-06 18:47:49 +02:00
posture-scanner.mjs feat(llm-security)!: v7.0.0 commit 1 — severity-dominated log-scaled risk score 2026-04-19 22:00:29 +02:00
reference-config-generator.mjs feat: initial open marketplace with llm-security, config-audit, ultraplan-local 2026-04-06 18:47:49 +02:00
scan-orchestrator.mjs feat(ci): add CI/CD integration — --fail-on, --compact, pipeline templates 2026-04-10 14:59:05 +02:00
supply-chain-recheck-cli.mjs fix(scanners): use process.exitCode instead of process.exit() after stdout.write 2026-04-10 14:11:31 +02:00
supply-chain-recheck.mjs fix(dep): B7 — token-overlap typosquat heuristic alongside Levenshtein 2026-04-29 14:10:53 +02:00
taint-tracer.mjs fix(taint-tracer): B6 — recognize destructuring + spread + rest patterns 2026-04-29 14:05:34 +02:00
toxic-flow-analyzer.mjs feat: initial open marketplace with llm-security, config-audit, ultraplan-local 2026-04-06 18:47:49 +02:00
unicode-scanner.mjs feat: initial open marketplace with llm-security, config-audit, ultraplan-local 2026-04-06 18:47:49 +02:00
watch-cron.mjs feat: initial open marketplace with llm-security, config-audit, ultraplan-local 2026-04-06 18:47:49 +02:00