open/ktg-plugin-marketplace
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity Actions
ktg-plugin-marketplace/plugins/llm-security-copilot/skills/audit/SKILL.md
Kjell Tore Guttormsen f418a8fe08 feat(llm-security-copilot): port llm-security v5.1.0 to GitHub Copilot CLI 
Full port of llm-security plugin for internal use on Windows with GitHub
Copilot CLI. Protocol translation layer (copilot-hook-runner.mjs)
normalizes Copilot camelCase I/O to Claude Code snake_case format — all
original hook scripts run unmodified.

- 8 hooks with protocol translation (stdin/stdout/exit code)
- 18 SKILL.md skills (Agent Skills Open Standard)
- 6 .agent.md agent definitions
- 20 scanners + 14 scanner lib modules (unchanged)
- 14 knowledge files (unchanged)
- 39 test files including copilot-port-verify.mjs (17 tests)
- Windows-ready: node:path, os.tmpdir(), process.execPath, no bash

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-09 21:56:10 +02:00

46 lines
1.8 KiB
Markdown
Raw Blame History

---
name: security-audit
description: Full project security audit with OWASP LLM Top 10 assessment, scoring, and remediation plan
---
# Security Audit
Full project audit combining deterministic scanning with threat analysis.
## Step 1: Run Posture Scanner
```bash
node <plugin-root>/scanners/posture-scanner.mjs
```
Parse JSON: grade A-F, risk score, categories, findings, counts.
## Step 2: Gather Context
Glob for project structure: commands, agents, hooks, skills, MCP configs, CLAUDE.md, settings files. Record what exists.
## Step 3: Skill/Command Analysis
Read `<plugin-root>/knowledge/skill-threat-patterns.md` and `<plugin-root>/knowledge/secrets-patterns.md`.
Scan all command, agent, hook, and skill files for the 7 threat categories (injection, exfiltration, privilege escalation, scope creep, hidden instructions, toolchain manipulation, persistence). Apply frontmatter analysis, content analysis, and cross-reference checks.
## Step 4: MCP Analysis (if MCP configs found)
Read `<plugin-root>/knowledge/mcp-threat-patterns.md`.
Scan MCP server configs for: tool poisoning, hidden instructions, rug pull signals, supply chain risks, permission surface.
## Step 5: Merge and Report
Merge posture scanner findings with threat analysis findings. Recalculate:
`risk_score = min(100, critical*25 + high*10 + medium*4 + low*1)`
Output:
1. **Risk Dashboard** — Grade, risk score, verdict, finding counts
2. **Executive Summary** — Key risks, posture overview
3. **10 Category Sections** — One per OWASP/posture category with PASS/PARTIAL/FAIL and findings
4. **Summary Table** — All findings sorted by severity
5. **Action Items** — Grouped by urgency: IMMEDIATE (critical), HIGH (high), MEDIUM (medium)
If grade C or lower: suggest running `threat-model` for deeper analysis.
Reference in a new issue View git blame Copy permalink