llm-security/templates/archive/scan-report.md
Kjell Tore Guttormsen f153f969a0 feat(ultraplan-local): v1.6.0 — /ultraresearch-local deep research command
Add /ultraresearch-local for structured research combining local codebase
analysis with external knowledge via parallel agent swarms. Produces research
briefs with triangulation, confidence ratings, and source quality assessment.

New command: /ultraresearch-local with modes --quick, --local, --external, --fg.
New agents: research-orchestrator (opus), docs-researcher, community-researcher,
security-researcher, contrarian-researcher, gemini-bridge (all sonnet).
New template: research-brief-template.md.

Integration: --research flag in /ultraplan-local accepts pre-built research
briefs (up to 3), enriches the interview and exploration phases. Planning
orchestrator cross-references brief findings during synthesis.

Design principle: Context Engineering — right information to right agent at
right time. Research briefs are structured artifacts in the pipeline:
ultraresearch → brief → ultraplan --research → plan → ultraexecute.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-08 08:58:35 +02:00

6.1 KiB
Raw Permalink Blame History

Security Scan Report


Header

Project: [Name of the project or directory that was scanned] Scan timestamp: [ISO 8601 — e.g. 2026-02-19T14:03:22Z] Scope: [Absolute or relative path(s) passed to the scan command — e.g. ./plugins/llm-security or **/*.md, hooks/] Scan type: [One of: full | secrets | injection | permissions | mcp | supply-chain] Triggered by: [Command invocation string — e.g. /security scan ./plugins]


Executive Summary

Field Value
Verdict [ALLOW / WARNING / BLOCK]
Risk score [0100 integer]
Critical findings [count]
High findings [count]
Medium findings [count]
Low findings [count]
Info findings [count]
Files scanned [count]
Scan duration [e.g. 4.2 s]

Verdict rationale: [12 sentences explaining why this verdict was chosen. BLOCK = at least one Critical; WARNING = High or multiple Medium; ALLOW = Low/Info only.]


Findings

Findings are sorted Critical → High → Medium → Low → Info within each section. Each finding ID is formatted SCN-[NNN] (e.g. SCN-001).

Critical

No Critical findings — omit this section if empty.

ID Category File / Location Line Description
SCN-001 [Category — see list below] [path/to/file.md] [L42] [Short description of the issue]

SCN-001 Detail

  • Severity: Critical
  • Category: [Secrets / Injection / Permissions / Supply Chain / MCP Trust / Destructive / Output Handling / Other]
  • File: [Full relative path]
  • Line(s): [Line range or N/A]
  • OWASP LLM Reference: [e.g. LLM02:2025 Sensitive Information Disclosure]
  • Description: [Full explanation of what was found and why it is a risk]
  • Evidence: [Exact excerpt or pattern that triggered the finding — redact actual secret values]
  • Remediation: [Concrete, actionable fix with example if applicable]

High

No High findings — omit this section if empty.

ID Category File / Location Line Description
SCN-002 [Category] [path/to/file.md] [L17] [Short description]

SCN-002 Detail

  • Severity: High
  • Category: [Category]
  • File: [path]
  • Line(s): [range]
  • OWASP LLM Reference: [reference]
  • Description: [explanation]
  • Evidence: [excerpt]
  • Remediation: [fix]

Medium

No Medium findings — omit this section if empty.

ID Category File / Location Line Description
SCN-003 [Category] [path/to/file.md] [L5] [Short description]

(Follow same detail block format as Critical/High above)


Low

No Low findings — omit this section if empty.

ID Category File / Location Line Description
SCN-004 [Category] [path/to/file.md] [L88] [Short description]

(Follow same detail block format)


Info

Informational observations that do not require immediate action.

ID Category File / Location Observation
SCN-005 [Category] [path/to/file.md] [Observation]

Supply Chain Assessment

Include this section when scan type is supply-chain, mcp, or full. Omit for narrow scans (e.g. secrets-only).

Component Type Source Trust score Notes
[plugin-name / mcp-server-name] [Plugin / MCP / Hook] [URL or local path] [010] [Verification status]

Source verification: [Were sources verified against known-good hashes, npm provenance, or GitHub releases? Describe outcome.]

Permissions analysis:

  • Requested tools: [list]
  • Minimum necessary tools: [list]
  • Over-permissioned: [Yes / No — explain if Yes]

Supply chain risk summary: [13 sentences on overall supply chain health]


Recommendations

Prioritized by risk. Address Critical and High items before merge/deploy.

Priority Finding ID(s) Action Effort
1 SCN-001 [Actionable step] [Low / Medium / High]
2 SCN-002 [Actionable step] [Low / Medium / High]
3 SCN-003, SCN-004 [Actionable step] [Low / Medium / High]

Quick wins (< 5 min): [List any findings that can be fixed in under 5 minutes — e.g. removing a hardcoded token, adding a .gitignore entry]


Field Value
llm-security version [e.g. 0.1.0]
Scan engine llm-security skill-scanner-agent / mcp-scanner-agent
Scan duration [e.g. 4.2 s]
OWASP references LLM Top 10 2025, Agentic AI Top 10
Report generated [ISO 8601 timestamp]