ktg-plugin-marketplace/plugins/llm-security-copilot/agents/posture-assessor.agent.md
Kjell Tore Guttormsen f418a8fe08 feat(llm-security-copilot): port llm-security v5.1.0 to GitHub Copilot CLI
Full port of llm-security plugin for internal use on Windows with GitHub
Copilot CLI. Protocol translation layer (copilot-hook-runner.mjs)
normalizes Copilot camelCase I/O to Claude Code snake_case format — all
original hook scripts run unmodified.

- 8 hooks with protocol translation (stdin/stdout/exit code)
- 18 SKILL.md skills (Agent Skills Open Standard)
- 6 .agent.md agent definitions
- 20 scanners + 14 scanner lib modules (unchanged)
- 14 knowledge files (unchanged)
- 39 test files including copilot-port-verify.mjs (17 tests)
- Windows-ready: node:path, os.tmpdir(), process.execPath, no bash

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-09 21:56:10 +02:00


---
name: posture-assessor
description: Evaluates project-wide security posture across 13 categories. Checks hooks, settings, permissions, MCP servers, skills, and configuration. Produces scorecard with A-F grading.
tools:
  - view
  - glob
  - grep
---

# Posture Assessor Agent

## Role

Evaluate project security posture across 13 categories, producing an A-F graded scorecard.

## Knowledge Base

Read: `knowledge/mitigation-matrix.md`

## Categories (PASS / PARTIAL / FAIL / N/A)

  1. Deny-First Configuration — Settings, instructions, tool restrictions
  2. Secrets Protection — Secrets hook active, .gitignore, no embedded secrets
  3. Path Guarding — Path guard hook active, protected paths defined
  4. MCP Server Trust — Config present, version pinning, auth, verification hook
  5. Destructive Command Blocking — Destructive hook active, blocklist patterns
  6. Sandbox Configuration — No bypass flags, subagent scope limits
  7. Human Review Requirements — Interactive confirmation in commands
  8. Skill and Plugin Sources — Plugin manifest, source verification
  9. Session Isolation — No credential bleed, gitignore for session files
  10. Cognitive State Security — No injection in instructions/memory/rules
  11. Supply Chain Protection — Supply chain hook, lockfile presence
  12. Output Monitoring — Post-tool hooks active, MCP verification
  13. Behavioral Monitoring — Session guard, trifecta detection

## Scoring

`pass_rate = (PASS + PARTIAL*0.5) / applicable_categories`

Categories marked N/A are excluded from `applicable_categories`; a single critical finding forces an F regardless of the pass rate.

| Grade | Condition |
|-------|-----------|
| A | pass_rate >= 0.9 AND no critical finding |
| B | pass_rate >= 0.75 |
| C | pass_rate >= 0.5 |
| D | pass_rate >= 0.25 |
| F | pass_rate < 0.25 OR any critical finding |

## Output

Risk Dashboard, Category Scorecard table, Quick Wins, Recommendations.
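The scoring rule and the scorecard table above are straightforward to implement deterministically, which is useful for checking the agent's arithmetic. The following is an added example written for this page, not code from the llm-security-copilot plugin: it takes the 13 category results as an array of `{ name, status, critical }` objects (the input shape is an assumption of this example), excludes N/A categories from the denominator, applies the critical override, and renders the Category Scorecard as a markdown table. The sample results are constructed.

```javascript
// Added example (not part of the plugin): pass-rate and grade computation
// for the posture assessor, plus a markdown scorecard renderer.

const STATUS_WEIGHT = { PASS: 1, PARTIAL: 0.5, FAIL: 0, 'N/A': null };

// Grade thresholds from the agent definition, checked highest first.
const GRADE_THRESHOLDS = [['A', 0.9], ['B', 0.75], ['C', 0.5], ['D', 0.25]];

// pass_rate = (PASS + PARTIAL*0.5) / applicable_categories; null if nothing applies.
function passRate(results) {
  let applicable = 0;
  let score = 0;
  for (const r of results) {
    if (!(r.status in STATUS_WEIGHT)) {
      throw new Error(`unknown status "${r.status}" for category "${r.name}"`);
    }
    const w = STATUS_WEIGHT[r.status];
    if (w === null) continue; // N/A categories are excluded from the denominator
    applicable += 1;
    score += w;
  }
  return applicable === 0 ? null : score / applicable;
}

// A critical finding (assumed here to be a FAIL flagged critical) forces an F.
function hasCritical(results) {
  return results.some((r) => r.status === 'FAIL' && r.critical === true);
}

function grade(results) {
  const rate = passRate(results);
  const critical = hasCritical(results);
  if (rate === null) return { grade: 'N/A', passRate: null, critical };
  if (critical) return { grade: 'F', passRate: rate, critical: true };
  let letter = 'F';
  for (const [g, min] of GRADE_THRESHOLDS) {
    if (rate >= min) { letter = g; break; }
  }
  return { grade: letter, passRate: rate, critical: false };
}

// Renders the Category Scorecard as markdown table lines.
function scorecardTable(results) {
  const lines = ['| # | Category | Status | Evidence |', '|---|----------|--------|----------|'];
  results.forEach((r, i) => {
    const mark = r.critical && r.status === 'FAIL' ? ' (critical)' : '';
    lines.push(`| ${i + 1} | ${r.name} | ${r.status}${mark} | ${r.evidence ?? ''} |`);
  });
  return lines;
}

// Constructed sample: 10 PASS, 1 PARTIAL, 1 non-critical FAIL, 1 N/A (no MCP config).
const SAMPLE_RESULTS = [
  { name: 'Deny-First Configuration', status: 'PASS' },
  { name: 'Secrets Protection', status: 'PASS' },
  { name: 'Path Guarding', status: 'PASS' },
  { name: 'MCP Server Trust', status: 'N/A', evidence: 'no MCP config present' },
  { name: 'Destructive Command Blocking', status: 'PASS' },
  { name: 'Sandbox Configuration', status: 'PARTIAL', evidence: 'subagent scope not limited' },
  { name: 'Human Review Requirements', status: 'PASS' },
  { name: 'Skill and Plugin Sources', status: 'PASS' },
  { name: 'Session Isolation', status: 'PASS' },
  { name: 'Cognitive State Security', status: 'PASS' },
  { name: 'Supply Chain Protection', status: 'FAIL', critical: false, evidence: 'no lockfile' },
  { name: 'Output Monitoring', status: 'PASS' },
  { name: 'Behavioral Monitoring', status: 'PASS' },
];

if (typeof require !== 'undefined' && require.main === module) {
  console.log(grade(SAMPLE_RESULTS));       // 10.5 / 12 = 0.875 -> grade B
  console.log(scorecardTable(SAMPLE_RESULTS).join('\n'));
}
```

Flipping the Supply Chain Protection failure to `critical: true` drops the same project from B to F while the pass rate stays at 0.875, which is the intended behaviour: the grade table treats a critical finding as an override, not as a weight.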

## Constraints

- Evidence-based only — cite specific files and line numbers
- Redact actual secrets in evidence
- N/A for categories that don't apply (e.g., no MCP = MCP category is N/A)