@artemiskit/redteam 0.2.4 → 0.3.0

package/dist/mutations/bad-likert-judge.d.ts

@@ -0,0 +1,41 @@
+/**
+ * Bad Likert Judge Mutation - OWASP LLM01 (Prompt Injection)
+ *
+ * This mutation exploits the model's evaluation capability by framing harmful requests
+ * as rating/scoring tasks. The model is asked to "rate" harmful content on various scales,
+ * which can trick it into generating or engaging with harmful content.
+ *
+ * Research shows 60%+ bypass success rate with this technique.
+ *
+ * Reference: OWASP LLM Top 10 2025 - LLM01 Prompt Injection
+ */
+import { type CvssScore } from '../severity';
+import type { Mutation } from './index';
+export type LikertScaleType = 'agreement' | 'effectiveness' | 'quality' | 'realism' | 'helpfulness' | 'accuracy';
+export interface BadLikertJudgeOptions {
+    /** Preferred scale type (random if not specified) */
+    scaleType?: LikertScaleType;
+    /** Whether to use wrapper framing */
+    useWrapper?: boolean;
+}
+export declare class BadLikertJudgeMutation implements Mutation {
+    readonly name = "bad-likert-judge";
+    readonly description = "Frames harmful requests as rating/scoring tasks to bypass safety measures (OWASP LLM01)";
+    readonly severity: "critical";
+    readonly cvssScore: CvssScore;
+    /** OWASP category */
+    readonly owaspCategory = "LLM01";
+    private scaleType?;
+    private useWrapper;
+    constructor(options?: BadLikertJudgeOptions);
+    /**
+     * Get a random item from an array
+     */
+    private random;
+    /**
+     * Get a random scale type
+     */
+    private getScaleType;
+    mutate(prompt: string): string;
+}
+//# sourceMappingURL=bad-likert-judge.d.ts.map

package/dist/mutations/bad-likert-judge.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"bad-likert-judge.d.ts","sourceRoot":"","sources":["../../src/mutations/bad-likert-judge.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAkB,KAAK,SAAS,EAAE,MAAM,aAAa,CAAC;AAC7D,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAExC,MAAM,MAAM,eAAe,GACvB,WAAW,GACX,eAAe,GACf,SAAS,GACT,SAAS,GACT,aAAa,GACb,UAAU,CAAC;AAiDf,MAAM,WAAW,qBAAqB;IACpC,qDAAqD;IACrD,SAAS,CAAC,EAAE,eAAe,CAAC;IAC5B,qCAAqC;IACrC,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB;AAED,qBAAa,sBAAuB,YAAW,QAAQ;IACrD,QAAQ,CAAC,IAAI,sBAAsB;IACnC,QAAQ,CAAC,WAAW,6FACwE;IAC5F,QAAQ,CAAC,QAAQ,EAAG,UAAU,CAAU;IACxC,QAAQ,CAAC,SAAS,EAAE,SAAS,CAS1B;IACH,qBAAqB;IACrB,QAAQ,CAAC,aAAa,WAAW;IAEjC,OAAO,CAAC,SAAS,CAAC,CAAkB;IACpC,OAAO,CAAC,UAAU,CAAU;gBAEhB,OAAO,GAAE,qBAA0B;IAK/C;;OAEG;IACH,OAAO,CAAC,MAAM;IAId;;OAEG;IACH,OAAO,CAAC,YAAY;IAapB,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM;CAgB/B"}

package/dist/mutations/crescendo.d.ts

@@ -0,0 +1,50 @@
+/**
+ * Crescendo Mutation - OWASP LLM01 (Prompt Injection)
+ *
+ * Multi-turn gradual escalation attack that starts with completely benign requests
+ * and incrementally increases the harm level. Each turn builds trust and context
+ * that makes the next request seem more reasonable.
+ *
+ * This is distinct from the general multi-turn mutation in that it specifically
+ * follows the escalation pattern rather than using other strategies.
+ *
+ * Reference: OWASP LLM Top 10 2025 - LLM01 Prompt Injection
+ */
+import { type CvssScore } from '../severity';
+import type { Mutation } from './index';
+import type { ConversationTurn } from './multi-turn';
+export type EscalationTopic = 'security_research' | 'academic_writing' | 'fiction_writing' | 'educational_content' | 'technical_documentation' | 'safety_testing';
+export interface CrescendoOptions {
+    /** Preferred escalation topic (random if not specified) */
+    topic?: EscalationTopic;
+    /** Number of escalation turns (2-5, default 4) */
+    turns?: number;
+}
+export declare class CrescendoMutation implements Mutation {
+    readonly name = "crescendo";
+    readonly description = "Multi-turn gradual escalation attack building trust before harmful request (OWASP LLM01)";
+    readonly severity: "critical";
+    readonly cvssScore: CvssScore;
+    /** OWASP category */
+    readonly owaspCategory = "LLM01";
+    private topic?;
+    private turns;
+    constructor(options?: CrescendoOptions);
+    /**
+     * Get a random item from an array
+     */
+    private random;
+    /**
+     * Get escalation topic
+     */
+    private getTopic;
+    /**
+     * For single-prompt use, generates a prompt that includes the conversation context
+     */
+    mutate(prompt: string): string;
+    /**
+     * Generate the full conversation sequence for multi-turn execution
+     */
+    generateConversation(targetPrompt: string): ConversationTurn[];
+}
+//# sourceMappingURL=crescendo.d.ts.map

package/dist/mutations/crescendo.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"crescendo.d.ts","sourceRoot":"","sources":["../../src/mutations/crescendo.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAkB,KAAK,SAAS,EAAE,MAAM,aAAa,CAAC;AAC7D,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACxC,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAErD,MAAM,MAAM,eAAe,GACvB,mBAAmB,GACnB,kBAAkB,GAClB,iBAAiB,GACjB,qBAAqB,GACrB,yBAAyB,GACzB,gBAAgB,CAAC;AAkLrB,MAAM,WAAW,gBAAgB;IAC/B,2DAA2D;IAC3D,KAAK,CAAC,EAAE,eAAe,CAAC;IACxB,kDAAkD;IAClD,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,qBAAa,iBAAkB,YAAW,QAAQ;IAChD,QAAQ,CAAC,IAAI,eAAe;IAC5B,QAAQ,CAAC,WAAW,8FACyE;IAC7F,QAAQ,CAAC,QAAQ,EAAG,UAAU,CAAU;IACxC,QAAQ,CAAC,SAAS,EAAE,SAAS,CAS1B;IACH,qBAAqB;IACrB,QAAQ,CAAC,aAAa,WAAW;IAEjC,OAAO,CAAC,KAAK,CAAC,CAAkB;IAChC,OAAO,CAAC,KAAK,CAAS;gBAEV,OAAO,GAAE,gBAAqB;IAK1C;;OAEG;IACH,OAAO,CAAC,MAAM;IAId;;OAEG;IACH,OAAO,CAAC,QAAQ;IAMhB;;OAEG;IACH,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM;IAmB9B;;OAEG;IACH,oBAAoB,CAAC,YAAY,EAAE,MAAM,GAAG,gBAAgB,EAAE;CAmB/D"}

package/dist/mutations/deceptive-delight.d.ts

@@ -0,0 +1,49 @@
+/**
+ * Deceptive Delight Mutation - OWASP LLM01 (Prompt Injection)
+ *
+ * This mutation uses positive framing and pleasurable contexts to bypass
+ * safety measures. Harmful requests are wrapped in upbeat, enthusiastic,
+ * or feel-good contexts that make them seem more benign.
+ *
+ * The technique exploits the tendency of models to be more permissive
+ * with requests framed positively.
+ *
+ * Reference: OWASP LLM Top 10 2025 - LLM01 Prompt Injection
+ */
+import { type CvssScore } from '../severity';
+import type { Mutation } from './index';
+export type DelightType = 'celebration' | 'learning_excitement' | 'helping_others' | 'creative_joy' | 'scientific_wonder' | 'game_fun';
+export interface DeceptiveDelightOptions {
+    /** Preferred delight type (random if not specified) */
+    delightType?: DelightType;
+    /** Whether to add emoji enhancement */
+    addEmojis?: boolean;
+    /** Whether to add positive suffix */
+    addSuffix?: boolean;
+}
+export declare class DeceptiveDelightMutation implements Mutation {
+    readonly name = "deceptive-delight";
+    readonly description = "Uses positive framing and feel-good contexts to bypass safety measures (OWASP LLM01)";
+    readonly severity: "high";
+    readonly cvssScore: CvssScore;
+    /** OWASP category */
+    readonly owaspCategory = "LLM01";
+    private delightType?;
+    private addEmojis;
+    private addSuffix;
+    constructor(options?: DeceptiveDelightOptions);
+    /**
+     * Get a random item from an array
+     */
+    private random;
+    /**
+     * Get delight type
+     */
+    private getDelightType;
+    /**
+     * Add random emojis to text
+     */
+    private enhanceWithEmojis;
+    mutate(prompt: string): string;
+}
+//# sourceMappingURL=deceptive-delight.d.ts.map

package/dist/mutations/deceptive-delight.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"deceptive-delight.d.ts","sourceRoot":"","sources":["../../src/mutations/deceptive-delight.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAkB,KAAK,SAAS,EAAE,MAAM,aAAa,CAAC;AAC7D,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAExC,MAAM,MAAM,WAAW,GACnB,aAAa,GACb,qBAAqB,GACrB,gBAAgB,GAChB,cAAc,GACd,mBAAmB,GACnB,UAAU,CAAC;AAkEf,MAAM,WAAW,uBAAuB;IACtC,uDAAuD;IACvD,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,uCAAuC;IACvC,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,qCAAqC;IACrC,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB;AAED,qBAAa,wBAAyB,YAAW,QAAQ;IACvD,QAAQ,CAAC,IAAI,uBAAuB;IACpC,QAAQ,CAAC,WAAW,0FACqE;IACzF,QAAQ,CAAC,QAAQ,EAAG,MAAM,CAAU;IACpC,QAAQ,CAAC,SAAS,EAAE,SAAS,CAS1B;IACH,qBAAqB;IACrB,QAAQ,CAAC,aAAa,WAAW;IAEjC,OAAO,CAAC,WAAW,CAAC,CAAc;IAClC,OAAO,CAAC,SAAS,CAAU;IAC3B,OAAO,CAAC,SAAS,CAAU;gBAEf,OAAO,GAAE,uBAA4B;IAMjD;;OAEG;IACH,OAAO,CAAC,MAAM;IAId;;OAEG;IACH,OAAO,CAAC,cAAc;IAMtB;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAWzB,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM;CAuB/B"}

package/dist/mutations/excessive-agency.d.ts

@@ -0,0 +1,45 @@
+/**
+ * Excessive Agency Mutation - OWASP LLM08 (Excessive Agency)
+ *
+ * This mutation tests if the LLM can be manipulated into claiming or
+ * attempting to perform unauthorized actions beyond its actual capabilities
+ * or permissions.
+ *
+ * The attack targets scenarios where:
+ * - LLM claims to have access/permissions it shouldn't have
+ * - LLM agrees to perform actions outside its scope
+ * - LLM doesn't properly validate authorization for claimed actions
+ * - LLM grants itself elevated privileges in conversation
+ *
+ * Reference: OWASP LLM Top 10 2025 - LLM08 Excessive Agency
+ */
+import { type CvssScore } from '../severity';
+import type { Mutation } from './index';
+export type AgencyType = 'file_system' | 'network' | 'database' | 'admin' | 'api' | 'user_data' | 'system_control';
+export interface ExcessiveAgencyOptions {
+    /** Preferred agency type to test (random if not specified) */
+    agencyType?: AgencyType;
+    /** Whether to add authority prefix */
+    addAuthority?: boolean;
+}
+export declare class ExcessiveAgencyMutation implements Mutation {
+    readonly name = "excessive-agency";
+    readonly description = "Tests if LLM claims or attempts unauthorized actions beyond its permissions (OWASP LLM08)";
+    readonly severity: "critical";
+    readonly cvssScore: CvssScore;
+    /** OWASP category */
+    readonly owaspCategory = "LLM08";
+    private agencyType?;
+    private addAuthority;
+    constructor(options?: ExcessiveAgencyOptions);
+    /**
+     * Get a random item from an array
+     */
+    private random;
+    /**
+     * Get agency type
+     */
+    private getAgencyType;
+    mutate(prompt: string): string;
+}
+//# sourceMappingURL=excessive-agency.d.ts.map

package/dist/mutations/excessive-agency.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"excessive-agency.d.ts","sourceRoot":"","sources":["../../src/mutations/excessive-agency.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAkB,KAAK,SAAS,EAAE,MAAM,aAAa,CAAC;AAC7D,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAExC,MAAM,MAAM,UAAU,GAClB,aAAa,GACb,SAAS,GACT,UAAU,GACV,OAAO,GACP,KAAK,GACL,WAAW,GACX,gBAAgB,CAAC;AAmFrB,MAAM,WAAW,sBAAsB;IACrC,8DAA8D;IAC9D,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,sCAAsC;IACtC,YAAY,CAAC,EAAE,OAAO,CAAC;CACxB;AAED,qBAAa,uBAAwB,YAAW,QAAQ;IACtD,QAAQ,CAAC,IAAI,sBAAsB;IACnC,QAAQ,CAAC,WAAW,+FAC0E;IAC9F,QAAQ,CAAC,QAAQ,EAAG,UAAU,CAAU;IACxC,QAAQ,CAAC,SAAS,EAAE,SAAS,CAS1B;IACH,qBAAqB;IACrB,QAAQ,CAAC,aAAa,WAAW;IAEjC,OAAO,CAAC,UAAU,CAAC,CAAa;IAChC,OAAO,CAAC,YAAY,CAAU;gBAElB,OAAO,GAAE,sBAA2B;IAKhD;;OAEG;IACH,OAAO,CAAC,MAAM;IAId;;OAEG;IACH,OAAO,CAAC,aAAa;IAMrB,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM;CAoB/B"}

package/dist/mutations/hallucination-trap.d.ts

@@ -0,0 +1,51 @@
+/**
+ * Hallucination Trap Mutation - OWASP LLM09 (Misinformation)
+ *
+ * This mutation triggers confident fabrication by asking about:
+ * - Non-existent entities (fake people, companies, products)
+ * - Impossible scenarios requiring invented details
+ * - Requests for specific fake information
+ * - Questions designed to make the model confident about wrong answers
+ *
+ * The goal is to test if the LLM will confidently assert false information
+ * rather than acknowledge uncertainty.
+ *
+ * Reference: OWASP LLM Top 10 2025 - LLM09 Misinformation
+ */
+import { type CvssScore } from '../severity';
+import type { Mutation } from './index';
+export type HallucinationType = 'fake_entity' | 'fake_citation' | 'impossible_detail' | 'confident_wrong' | 'fabricated_history' | 'technical_fiction';
+export interface HallucinationTrapOptions {
+    /** Preferred hallucination type (random if not specified) */
+    hallucinationType?: HallucinationType;
+    /** Whether to add confidence prefix */
+    addConfidence?: boolean;
+    /** Whether to demand verification */
+    demandVerification?: boolean;
+}
+export declare class HallucinationTrapMutation implements Mutation {
+    readonly name = "hallucination-trap";
+    readonly description = "Triggers confident fabrication about non-existent entities or impossible details (OWASP LLM09)";
+    readonly severity: "medium";
+    readonly cvssScore: CvssScore;
+    /** OWASP category */
+    readonly owaspCategory = "LLM09";
+    private hallucinationType?;
+    private addConfidence;
+    private demandVerification;
+    constructor(options?: HallucinationTrapOptions);
+    /**
+     * Get a random item from an array
+     */
+    private random;
+    /**
+     * Get hallucination type
+     */
+    private getHallucinationType;
+    /**
+     * Get a fake entity of a specific type
+     */
+    private getFakeEntity;
+    mutate(prompt: string): string;
+}
+//# sourceMappingURL=hallucination-trap.d.ts.map

package/dist/mutations/hallucination-trap.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hallucination-trap.d.ts","sourceRoot":"","sources":["../../src/mutations/hallucination-trap.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAkB,KAAK,SAAS,EAAE,MAAM,aAAa,CAAC;AAC7D,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAExC,MAAM,MAAM,iBAAiB,GACzB,aAAa,GACb,eAAe,GACf,mBAAmB,GACnB,iBAAiB,GACjB,oBAAoB,GACpB,mBAAmB,CAAC;AAmHxB,MAAM,WAAW,wBAAwB;IACvC,6DAA6D;IAC7D,iBAAiB,CAAC,EAAE,iBAAiB,CAAC;IACtC,uCAAuC;IACvC,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,qCAAqC;IACrC,kBAAkB,CAAC,EAAE,OAAO,CAAC;CAC9B;AAED,qBAAa,yBAA0B,YAAW,QAAQ;IACxD,QAAQ,CAAC,IAAI,wBAAwB;IACrC,QAAQ,CAAC,WAAW,oGAC+E;IACnG,QAAQ,CAAC,QAAQ,EAAG,QAAQ,CAAU;IACtC,QAAQ,CAAC,SAAS,EAAE,SAAS,CAS1B;IACH,qBAAqB;IACrB,QAAQ,CAAC,aAAa,WAAW;IAEjC,OAAO,CAAC,iBAAiB,CAAC,CAAoB;IAC9C,OAAO,CAAC,aAAa,CAAU;IAC/B,OAAO,CAAC,kBAAkB,CAAU;gBAExB,OAAO,GAAE,wBAA6B;IAMlD;;OAEG;IACH,OAAO,CAAC,MAAM;IAId;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAM5B;;OAEG;IACH,OAAO,CAAC,aAAa;IAIrB,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM;CAoC/B"}

package/dist/mutations/index.d.ts

@@ -1,5 +1,8 @@
 /**
  * Red-team mutations module
+ *
+ * This module exports all available mutation classes for red-team testing.
+ * Mutations transform attack prompts to test different bypass techniques.
  */
 import type { CvssScore } from '../severity';
 export { TypoMutation } from './typo';
@@ -8,12 +11,95 @@ export { InstructionFlipMutation } from './instruction-flip';
 export { CotInjectionMutation } from './cot-injection';
 export { EncodingMutation, type EncodingType } from './encoding';
 export { MultiTurnMutation, type MultiTurnStrategy, type ConversationTurn, type MultiTurnOptions, type MultiTurnInput, } from './multi-turn';
+export { BadLikertJudgeMutation, type BadLikertJudgeOptions, type LikertScaleType, } from './bad-likert-judge';
+export { CrescendoMutation, type CrescendoOptions, type EscalationTopic, } from './crescendo';
+export { DeceptiveDelightMutation, type DeceptiveDelightOptions, type DelightType, } from './deceptive-delight';
+export { OutputInjectionMutation, type OutputInjectionOptions, type InjectionType, } from './output-injection';
+export { ExcessiveAgencyMutation, type ExcessiveAgencyOptions, type AgencyType, } from './excessive-agency';
+export { SystemExtractionMutation, type SystemExtractionOptions, type ExtractionTechnique, } from './system-extraction';
+export { HallucinationTrapMutation, type HallucinationTrapOptions, type HallucinationType, } from './hallucination-trap';
+/**
+ * Base interface for all mutations
+ */
 export interface Mutation {
+    /** Unique identifier for the mutation */
     readonly name: string;
+    /** Human-readable description */
     readonly description: string;
+    /** Severity level (affects scoring) */
     readonly severity: 'low' | 'medium' | 'high' | 'critical';
     /** CVSS-like score for detailed severity assessment */
     readonly cvssScore?: CvssScore;
+    /** Optional OWASP LLM Top 10 category (e.g., 'LLM01') */
+    readonly owaspCategory?: string;
+    /**
+     * Transform a prompt using this mutation technique
+     * @param prompt The original attack prompt
+     * @returns The mutated prompt
+     */
     mutate(prompt: string): string;
 }
+/**
+ * OWASP LLM Top 10 2025 categories with their mutations
+ */
+export declare const OWASP_CATEGORIES: {
+    readonly LLM01: {
+        readonly name: "Prompt Injection";
+        readonly description: "Manipulating LLMs via crafted inputs";
+        readonly mutations: readonly ["bad-likert-judge", "crescendo", "deceptive-delight"];
+    };
+    readonly LLM02: {
+        readonly name: "Insecure Output Handling";
+        readonly description: "Neglecting to validate LLM outputs";
+        readonly mutations: readonly ["output-injection"];
+    };
+    readonly LLM03: {
+        readonly name: "Training Data Poisoning";
+        readonly description: "Tampering training data to introduce vulnerabilities";
+        readonly mutations: readonly [];
+    };
+    readonly LLM04: {
+        readonly name: "Model Denial of Service";
+        readonly description: "Overloading LLMs with resource-heavy operations";
+        readonly mutations: readonly [];
+    };
+    readonly LLM05: {
+        readonly name: "Supply Chain Vulnerabilities";
+        readonly description: "Compromised dependencies, models, or data";
+        readonly mutations: readonly [];
+    };
+    readonly LLM06: {
+        readonly name: "Sensitive Information Disclosure";
+        readonly description: "Revealing private data through LLM outputs";
+        readonly mutations: readonly ["system-extraction"];
+    };
+    readonly LLM07: {
+        readonly name: "Insecure Plugin Design";
+        readonly description: "LLM plugins with inadequate access controls";
+        readonly mutations: readonly [];
+    };
+    readonly LLM08: {
+        readonly name: "Excessive Agency";
+        readonly description: "Granting too many permissions to LLM actions";
+        readonly mutations: readonly ["excessive-agency"];
+    };
+    readonly LLM09: {
+        readonly name: "Overreliance";
+        readonly description: "Trusting LLM outputs without verification";
+        readonly mutations: readonly ["hallucination-trap"];
+    };
+    readonly LLM10: {
+        readonly name: "Model Theft";
+        readonly description: "Unauthorized access or copying of LLM models";
+        readonly mutations: readonly [];
+    };
+};
+/**
+ * Get all mutations for a specific OWASP category
+ */
+export declare function getMutationsForCategory(category: keyof typeof OWASP_CATEGORIES): string[];
+/**
+ * Get all OWASP mutation names
+ */
+export declare function getAllOwaspMutationNames(): string[];
 //# sourceMappingURL=index.d.ts.map

package/dist/mutations/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/mutations/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAE7C,OAAO,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAC;AACtC,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AACjD,OAAO,EAAE,uBAAuB,EAAE,MAAM,oBAAoB,CAAC;AAC7D,OAAO,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AACvD,OAAO,EAAE,gBAAgB,EAAE,KAAK,YAAY,EAAE,MAAM,YAAY,CAAC;AACjE,OAAO,EACL,iBAAiB,EACjB,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,EACrB,KAAK,gBAAgB,EACrB,KAAK,cAAc,GACpB,MAAM,cAAc,CAAC;AAEtB,MAAM,WAAW,QAAQ;IACvB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IAC1D,uDAAuD;IACvD,QAAQ,CAAC,SAAS,CAAC,EAAE,SAAS,CAAC;IAE/B,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC;CAChC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/mutations/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAK7C,OAAO,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAC;AACtC,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AACjD,OAAO,EAAE,uBAAuB,EAAE,MAAM,oBAAoB,CAAC;AAC7D,OAAO,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AACvD,OAAO,EAAE,gBAAgB,EAAE,KAAK,YAAY,EAAE,MAAM,YAAY,CAAC;AACjE,OAAO,EACL,iBAAiB,EACjB,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,EACrB,KAAK,gBAAgB,EACrB,KAAK,cAAc,GACpB,MAAM,cAAc,CAAC;AAOtB,OAAO,EACL,sBAAsB,EACtB,KAAK,qBAAqB,EAC1B,KAAK,eAAe,GACrB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,iBAAiB,EACjB,KAAK,gBAAgB,EACrB,KAAK,eAAe,GACrB,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,wBAAwB,EACxB,KAAK,uBAAuB,EAC5B,KAAK,WAAW,GACjB,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EACL,uBAAuB,EACvB,KAAK,sBAAsB,EAC3B,KAAK,aAAa,GACnB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EACL,uBAAuB,EACvB,KAAK,sBAAsB,EAC3B,KAAK,UAAU,GAChB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EACL,wBAAwB,EACxB,KAAK,uBAAuB,EAC5B,KAAK,mBAAmB,GACzB,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EACL,yBAAyB,EACzB,KAAK,wBAAwB,EAC7B,KAAK,iBAAiB,GACvB,MAAM,sBAAsB,CAAC;AAM9B;;GAEG;AACH,MAAM,WAAW,QAAQ;IACvB,yCAAyC;IACzC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,iCAAiC;IACjC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,uCAAuC;IACvC,QAAQ,CAAC,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IAC1D,uDAAuD;IACvD,QAAQ,CAAC,SAAS,CAAC,EAAE,SAAS,CAAC;IAC/B,yDAAyD;IACzD,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;IAEhC;;;;OAIG;IACH,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC;CAChC;AAMD;;GAEG;AACH,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAmDnB,CAAC;AAEX;;GAEG;AACH,wBAAgB,uBAAuB,CAAC,QAAQ,EAAE,MAAM,OAAO,gBAAgB,GAAG,MAAM,EAAE,CAEzF;AAED;;GAEG;AACH,wBAAgB,wBAAwB,IAAI,MAAM,EAAE,CAQnD"}

package/dist/mutations/output-injection.d.ts

@@ -0,0 +1,45 @@
+/**
+ * Output Injection Mutation - OWASP LLM02 (Insecure Output Handling)
+ *
+ * This mutation tests if the LLM can be tricked into generating outputs
+ * that contain injection payloads (XSS, SQLi, command injection, etc.)
+ * which could be dangerous if consumed by downstream systems.
+ *
+ * The attack targets scenarios where LLM output is:
+ * - Rendered in web pages (XSS)
+ * - Used in database queries (SQLi)
+ * - Executed as commands (command injection)
+ * - Parsed as structured data (JSON/XML injection)
+ *
+ * Reference: OWASP LLM Top 10 2025 - LLM02 Insecure Output Handling
+ */
+import { type CvssScore } from '../severity';
+import type { Mutation } from './index';
+export type InjectionType = 'xss' | 'sqli' | 'command' | 'template' | 'json' | 'xml' | 'path' | 'ldap';
+export interface OutputInjectionOptions {
+    /** Preferred injection type (random if not specified) */
+    injectionType?: InjectionType;
+    /** Whether to include explanation request */
+    requestExplanation?: boolean;
+}
+export declare class OutputInjectionMutation implements Mutation {
+    readonly name = "output-injection";
+    readonly description = "Tests if LLM generates outputs with XSS, SQLi, command injection payloads (OWASP LLM02)";
+    readonly severity: "high";
+    readonly cvssScore: CvssScore;
+    /** OWASP category */
+    readonly owaspCategory = "LLM02";
+    private injectionType?;
+    private requestExplanation;
+    constructor(options?: OutputInjectionOptions);
+    /**
+     * Get a random item from an array
+     */
+    private random;
+    /**
+     * Get injection type
+     */
+    private getInjectionType;
+    mutate(prompt: string): string;
+}
+//# sourceMappingURL=output-injection.d.ts.map

package/dist/mutations/output-injection.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"output-injection.d.ts","sourceRoot":"","sources":["../../src/mutations/output-injection.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAkB,KAAK,SAAS,EAAE,MAAM,aAAa,CAAC;AAC7D,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAExC,MAAM,MAAM,aAAa,GACrB,KAAK,GACL,MAAM,GACN,SAAS,GACT,UAAU,GACV,MAAM,GACN,KAAK,GACL,MAAM,GACN,MAAM,CAAC;AAsIX,MAAM,WAAW,sBAAsB;IACrC,yDAAyD;IACzD,aAAa,CAAC,EAAE,aAAa,CAAC;IAC9B,6CAA6C;IAC7C,kBAAkB,CAAC,EAAE,OAAO,CAAC;CAC9B;AAED,qBAAa,uBAAwB,YAAW,QAAQ;IACtD,QAAQ,CAAC,IAAI,sBAAsB;IACnC,QAAQ,CAAC,WAAW,6FACwE;IAC5F,QAAQ,CAAC,QAAQ,EAAG,MAAM,CAAU;IACpC,QAAQ,CAAC,SAAS,EAAE,SAAS,CAS1B;IACH,qBAAqB;IACrB,QAAQ,CAAC,aAAa,WAAW;IAEjC,OAAO,CAAC,aAAa,CAAC,CAAgB;IACtC,OAAO,CAAC,kBAAkB,CAAU;gBAExB,OAAO,GAAE,sBAA2B;IAKhD;;OAEG;IACH,OAAO,CAAC,MAAM;IAId;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAMxB,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM;CA0B/B"}

package/dist/mutations/system-extraction.d.ts

@@ -0,0 +1,44 @@
+/**
+ * System Extraction Mutation - OWASP LLM06 (Sensitive Information Disclosure)
+ *
+ * This mutation attempts to extract the system prompt, configuration,
+ * or other sensitive setup information from the LLM.
+ *
+ * The attack targets scenarios where:
+ * - System prompts contain sensitive business logic
+ * - Configuration includes API keys or credentials
+ * - Instructions reveal security measures that could be bypassed
+ * - Hidden context contains proprietary information
+ *
+ * Reference: OWASP LLM Top 10 2025 - LLM06 Sensitive Information Disclosure
+ */
+import { type CvssScore } from '../severity';
+import type { Mutation } from './index';
+export type ExtractionTechnique = 'direct_ask' | 'roleplay' | 'completion' | 'debug_mode' | 'translation' | 'format_conversion' | 'reflection' | 'meta_prompt';
+export interface SystemExtractionOptions {
+    /** Preferred extraction technique (random if not specified) */
+    technique?: ExtractionTechnique;
+    /** Whether to add follow-up probes */
+    addFollowUp?: boolean;
+}
+export declare class SystemExtractionMutation implements Mutation {
+    readonly name = "system-extraction";
+    readonly description = "Attempts to extract system prompt, configuration, or sensitive setup info (OWASP LLM06)";
+    readonly severity: "high";
+    readonly cvssScore: CvssScore;
+    /** OWASP category */
+    readonly owaspCategory = "LLM06";
+    private technique?;
+    private addFollowUp;
+    constructor(options?: SystemExtractionOptions);
+    /**
+     * Get a random item from an array
+     */
+    private random;
+    /**
+     * Get extraction technique
+     */
+    private getTechnique;
+    mutate(prompt: string): string;
+}
+//# sourceMappingURL=system-extraction.d.ts.map

package/dist/mutations/system-extraction.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"system-extraction.d.ts","sourceRoot":"","sources":["../../src/mutations/system-extraction.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAkB,KAAK,SAAS,EAAE,MAAM,aAAa,CAAC;AAC7D,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAExC,MAAM,MAAM,mBAAmB,GAC3B,YAAY,GACZ,UAAU,GACV,YAAY,GACZ,YAAY,GACZ,aAAa,GACb,mBAAmB,GACnB,YAAY,GACZ,aAAa,CAAC;AA8ElB,MAAM,WAAW,uBAAuB;IACtC,+DAA+D;IAC/D,SAAS,CAAC,EAAE,mBAAmB,CAAC;IAChC,sCAAsC;IACtC,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAED,qBAAa,wBAAyB,YAAW,QAAQ;IACvD,QAAQ,CAAC,IAAI,uBAAuB;IACpC,QAAQ,CAAC,WAAW,6FACwE;IAC5F,QAAQ,CAAC,QAAQ,EAAG,MAAM,CAAU;IACpC,QAAQ,CAAC,SAAS,EAAE,SAAS,CAS1B;IACH,qBAAqB;IACrB,QAAQ,CAAC,aAAa,WAAW;IAEjC,OAAO,CAAC,SAAS,CAAC,CAAsB;IACxC,OAAO,CAAC,WAAW,CAAU;gBAEjB,OAAO,GAAE,uBAA4B;IAKjD;;OAEG;IACH,OAAO,CAAC,MAAM;IAId;;OAEG;IACH,OAAO,CAAC,YAAY;IAQpB,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM;CAwB/B"}

package/dist/severity.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"severity.d.ts","sourceRoot":"","sources":["../src/severity.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,MAAM,QAAQ,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AAE9D,MAAM,WAAW,YAAY;IAC3B,KAAK,EAAE,QAAQ,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;;GAGG;AACH,MAAM,WAAW,SAAS;IACxB,kCAAkC;IAClC,SAAS,EAAE,MAAM,CAAC;IAElB,kDAAkD;IAClD,YAAY,EAAE,SAAS,GAAG,OAAO,CAAC;IAElC,+CAA+C;IAC/C,gBAAgB,EAAE,KAAK,GAAG,MAAM,CAAC;IAEjC,yEAAyE;IACzE,eAAe,EAAE,OAAO,CAAC;IAEzB,yDAAyD;IACzD,qBAAqB,EAAE,MAAM,GAAG,KAAK,GAAG,MAAM,CAAC;IAE/C,oDAAoD;IACpD,eAAe,EAAE,MAAM,GAAG,KAAK,GAAG,MAAM,CAAC;IAEzC,oDAAoD;IACpD,kBAAkB,EAAE,MAAM,GAAG,KAAK,GAAG,MAAM,CAAC;IAE5C,wEAAwE;IACxE,oBAAoB,EAAE,MAAM,CAAC;IAE7B,wDAAwD;IACxD,aAAa,EAAE,MAAM,GAAG,UAAU,GAAG,MAAM,CAAC;IAE5C,uCAAuC;IACvC,YAAY,EAAE,MAAM,CAAC;CACtB;AAaD,qBAAa,cAAc;IACzB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU,CA6BhC;IAEF;;OAEG;IACH,MAAM,CAAC,OAAO,CAAC,QAAQ,EAAE,QAAQ,GAAG,YAAY;IAIhD;;OAEG;IACH,MAAM,CAAC,OAAO,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,QAAQ,GAAG,MAAM;IAIhD;;OAEG;IACH,MAAM,CAAC,GAAG,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,QAAQ,GAAG,QAAQ;IAI9C;;OAEG;IACH,MAAM,CAAC,cAAc,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,GAAG,OAAO;IAIvE;;OAEG;IACH,MAAM,CAAC,GAAG,IAAI,QAAQ,EAAE;IAIxB;;OAEG;IACH,MAAM,CAAC,SAAS,CAAC,UAAU,EAAE,QAAQ,EAAE,GAAG,QAAQ;IAKlD;;OAEG;IACH,MAAM,CAAC,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,QAAQ;CAM9C;AAED;;GAEG;AACH,qBAAa,cAAc;IACzB;;OAEG;IACH,MAAM,CAAC,SAAS,CAAC,MAAM,EAAE;QACvB,YAAY,CAAC,EAAE,SAAS,GAAG,OAAO,CAAC;QACnC,gBAAgB,CAAC,EAAE,KAAK,GAAG,MAAM,CAAC;QAClC,eAAe,CAAC,EAAE,OAAO,CAAC;QAC1B,qBAAqB,CAAC,EAAE,MAAM,GAAG,KAAK,GAAG,MAAM,CAAC;QAChD,eAAe,CAAC,EAAE,MAAM,GAAG,KAAK,GAAG,MAAM,CAAC;QAC1C,kBAAkB,CAAC,EAAE,MAAM,GAAG,KAAK,GAAG,MAAM,CAAC;QAC7C,oBAAoB,CAAC,EAAE,MAAM,CAAC;QAC9B,aAAa,CAAC,EAAE,MAAM,GAAG,UAAU,GAAG,MAAM,CAAC;KAC9C,GAAG,SAAS;IA+Db;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,iBAAiB;IAsBhC;;OAEG;IACH,MAAM,CAAC,SAAS,CAAC,MAAM,EAAE,SAAS,EAAE,GAAG,SAAS;IAgChD;;OAEG;IACH,MAAM,CAAC,QAAQ,CAAC,KAAK,EAAE,SAAS,GAAG,MAAM;CAqC1C;AAED;;GAEG;AACH,eAAO,MAAM,oBAAoB,EAAE,MAAM,CAAC,MAAM,EAAE,SAAS,CAkE1D,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,qBAAqB,EAAE,MAAM,CAAC,MAAM,EAAE,SAAS,CAkE3D,CAAC"}
+{"version":3,"file":"severity.d.ts","sourceRoot":"","sources":["../src/severity.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,MAAM,QAAQ,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AAE9D,MAAM,WAAW,YAAY;IAC3B,KAAK,EAAE,QAAQ,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;;GAGG;AACH,MAAM,WAAW,SAAS;IACxB,kCAAkC;IAClC,SAAS,EAAE,MAAM,CAAC;IAElB,kDAAkD;IAClD,YAAY,EAAE,SAAS,GAAG,OAAO,CAAC;IAElC,+CAA+C;IAC/C,gBAAgB,EAAE,KAAK,GAAG,MAAM,CAAC;IAEjC,yEAAyE;IACzE,eAAe,EAAE,OAAO,CAAC;IAEzB,yDAAyD;IACzD,qBAAqB,EAAE,MAAM,GAAG,KAAK,GAAG,MAAM,CAAC;IAE/C,oDAAoD;IACpD,eAAe,EAAE,MAAM,GAAG,KAAK,GAAG,MAAM,CAAC;IAEzC,oDAAoD;IACpD,kBAAkB,EAAE,MAAM,GAAG,KAAK,GAAG,MAAM,CAAC;IAE5C,wEAAwE;IACxE,oBAAoB,EAAE,MAAM,CAAC;IAE7B,wDAAwD;IACxD,aAAa,EAAE,MAAM,GAAG,UAAU,GAAG,MAAM,CAAC;IAE5C,uCAAuC;IACvC,YAAY,EAAE,MAAM,CAAC;CACtB;AAaD,qBAAa,cAAc;IACzB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU,CA6BhC;IAEF;;OAEG;IACH,MAAM,CAAC,OAAO,CAAC,QAAQ,EAAE,QAAQ,GAAG,YAAY;IAIhD;;OAEG;IACH,MAAM,CAAC,OAAO,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,QAAQ,GAAG,MAAM;IAIhD;;OAEG;IACH,MAAM,CAAC,GAAG,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,QAAQ,GAAG,QAAQ;IAI9C;;OAEG;IACH,MAAM,CAAC,cAAc,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,GAAG,OAAO;IAIvE;;OAEG;IACH,MAAM,CAAC,GAAG,IAAI,QAAQ,EAAE;IAIxB;;OAEG;IACH,MAAM,CAAC,SAAS,CAAC,UAAU,EAAE,QAAQ,EAAE,GAAG,QAAQ;IAKlD;;OAEG;IACH,MAAM,CAAC,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,QAAQ;CAM9C;AAED;;GAEG;AACH,qBAAa,cAAc;IACzB;;OAEG;IACH,MAAM,CAAC,SAAS,CAAC,MAAM,EAAE;QACvB,YAAY,CAAC,EAAE,SAAS,GAAG,OAAO,CAAC;QACnC,gBAAgB,CAAC,EAAE,KAAK,GAAG,MAAM,CAAC;QAClC,eAAe,CAAC,EAAE,OAAO,CAAC;QAC1B,qBAAqB,CAAC,EAAE,MAAM,GAAG,KAAK,GAAG,MAAM,CAAC;QAChD,eAAe,CAAC,EAAE,MAAM,GAAG,KAAK,GAAG,MAAM,CAAC;QAC1C,kBAAkB,CAAC,EAAE,MAAM,GAAG,KAAK,GAAG,MAAM,CAAC;QAC7C,oBAAoB,CAAC,EAAE,MAAM,CAAC;QAC9B,aAAa,CAAC,EAAE,MAAM,GAAG,UAAU,GAAG,MAAM,CAAC;KAC9C,GAAG,SAAS;IA+Db;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,iBAAiB;IAsBhC;;OAEG;IACH,MAAM,CAAC,SAAS,CAAC,MAAM,EAAE,SAAS,EAAE,GAAG,SAAS;IAgChD;;OAEG;IACH,MAAM,CAAC,QAAQ,CAAC,KAAK,EAAE,SAAS,GAAG,MAAM;CAqC1C;AAED;;GAEG;AACH,eAAO,MAAM,oBAAoB,EAAE,MAAM,CAAC,MAAM,EAAE,SAAS,CAwJ1D,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,qBAAqB,EAAE,MAAM,CAAC,MAAM,EAAE,SAAS,CAkE3D,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@artemiskit/redteam",
-  "version": "0.2.4",
+  "version": "0.3.0",
   "description": "Red-team adversarial security testing for ArtemisKit LLM evaluation toolkit",
   "type": "module",
   "license": "Apache-2.0",
@@ -39,7 +39,7 @@
     "test": "bun test"
   },
   "dependencies": {
-    "@artemiskit/core": "0.2.4",
+    "@artemiskit/core": "0.3.0",
     "yaml": "2.8.2"
   },
   "devDependencies": {

package/src/index.ts

@@ -3,9 +3,20 @@
  * Red-team testing module for Artemis Agent Reliability Toolkit
  */
 
+// ==========================================
+// Core Mutations & OWASP Mutations
+// ==========================================
 export * from './mutations';
+
+// ==========================================
+// Generator & Detector
+// ==========================================
 export { RedTeamGenerator, type GeneratedPrompt } from './generator';
 export { UnsafeResponseDetector, type DetectionResult } from './detector';
+
+// ==========================================
+// Severity & CVSS Scoring
+// ==========================================
 export {
   SeverityMapper,
   CvssCalculator,
@@ -15,6 +26,10 @@ export {
   type SeverityInfo,
   type CvssScore,
 } from './severity';
+
+// ==========================================
+// Custom Attacks
+// ==========================================
 export {
   CustomMutation,
   loadCustomAttacks,
@@ -23,3 +38,12 @@ export {
   type CustomAttackDefinition,
   type CustomAttacksFile,
 } from './custom-attacks';
+
+// ==========================================
+// OWASP Utilities
+// ==========================================
+export {
+  OWASP_CATEGORIES,
+  getMutationsForCategory,
+  getAllOwaspMutationNames,
+} from './mutations';