@clear-capabilities/agentic-security-scanner 0.78.0 → 0.80.0

package/src/sast/.agentic-security/findings.json

@@ -1,9 +1,9 @@
 {
-  "scanId": "ea560b58-b8fa-4f5e-9e91-bdcd30277723",
-  "startedAt": "2026-05-27T09:43:27.404Z",
-  "durationMs": 2801,
+  "scanId": "de568f01-badb-4288-835d-135419be3ef8",
+  "startedAt": "2026-05-29T17:04:05.061Z",
+  "durationMs": 3114,
   "scanned": {
-    "files": 79,
+    "files": 90,
     "lines": 0
   },
   "findings": [
@@ -1389,7 +1389,8 @@
       "exploitabilityTier": "low",
       "exploitabilityFactors": [
         "sev:low",
-        "unreachable"
+        "unreachable",
+        "waf"
       ],
       "clusterSize": null,
       "unreachable": true,
@@ -1623,7 +1624,8 @@
       "exploitabilityTier": "low",
       "exploitabilityFactors": [
         "sev:low",
-        "unreachable"
+        "unreachable",
+        "waf"
       ],
       "clusterSize": null,
       "unreachable": true,
@@ -1847,7 +1849,8 @@
       "exploitabilityTier": "low",
       "exploitabilityFactors": [
         "sev:low",
-        "unreachable"
+        "unreachable",
+        "waf"
       ],
       "clusterSize": null,
       "unreachable": true,
@@ -2071,7 +2074,8 @@
       "exploitabilityTier": "low",
       "exploitabilityFactors": [
         "sev:low",
-        "unreachable"
+        "unreachable",
+        "waf"
       ],
       "clusterSize": null,
       "unreachable": true,
@@ -2197,6 +2201,710 @@
       "bountyConfidence": null,
       "attackPlaybook": null
     },
+    {
+      "id": "authz:crypto-protocol.js:332:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "kind": "authz",
+      "severity": "low",
+      "vuln": "AuthZ: jwt.verify called without algorithms allow-list",
+      "cwe": "CWE-347",
+      "owaspLlm": null,
+      "stride": "Elevation of Privilege",
+      "file": "crypto-protocol.js",
+      "line": 332,
+      "snippet": "// jwt.verify(token, key) — second arg is the secret, no options means no algorithm pinning.",
+      "fix": {
+        "description": "Pass `{ algorithms: [\"RS256\"] }` (or HS256) explicitly to `jwt.verify`. Without it, an attacker can forge a token using an unexpected algorithm (alg:none, or HS256-signed with the public key for an RS256 issuer).",
+        "code": ""
+      },
+      "reachable": false,
+      "triage": 39,
+      "dataClasses": [],
+      "chain": null,
+      "confidence": 0.85,
+      "toxicity": 3,
+      "toxicityFactors": [],
+      "toxicityLabel": "Low",
+      "sources": null,
+      "epssScore": null,
+      "epssPercentile": null,
+      "epssCve": null,
+      "exploitedNow": false,
+      "tags": null,
+      "blastRadius": {
+        "scope": "all-users",
+        "dataAtRisk": [
+          "auth-tokens"
+        ],
+        "userCount": 50,
+        "industry": "generic",
+        "jurisdictions": [],
+        "controlsApplied": [],
+        "dollarBest": 24500,
+        "dollarLikely": 139500,
+        "dollarWorst": 780000,
+        "dollarLow": 24500,
+        "dollarHigh": 780000,
+        "components": {
+          "incidentResponse": {
+            "low": 8000,
+            "likely": 50000,
+            "high": 250000
+          },
+          "legal": {
+            "low": 10000,
+            "likely": 75000,
+            "high": 500000
+          },
+          "crisisPR": {
+            "low": 0,
+            "likely": 0,
+            "high": 0
+          },
+          "notification": {
+            "low": 5000,
+            "likely": 10000,
+            "high": 15000
+          },
+          "creditMonitoring": {
+            "low": 0,
+            "likely": 0,
+            "high": 0
+          },
+          "regulatoryFines": {
+            "low": 0,
+            "likely": 0,
+            "high": 0
+          },
+          "directDamage": {
+            "low": 1500,
+            "likely": 4500,
+            "high": 15000
+          },
+          "classAction": {
+            "low": 0,
+            "likely": 0,
+            "high": 0
+          },
+          "lostBusiness": {
+            "low": 0,
+            "likely": 0,
+            "high": 0
+          }
+        },
+        "dominantDriver": "legal counsel",
+        "comparable": "JWT forging incidents — auth bypass typically chains to full account takeover",
+        "confidence": "low",
+        "narrative": "AuthZ: jwt.verify called without algorithms allow-list on `crypto-protocol.js:332` could expose session tokens for ~50 users. Context: general SaaS / no specific regulatory exposure. Estimated cost: best $25k · likely $140k · worst $780k. Dominant driver: legal counsel. Comparable: JWT forging incidents — auth bypass typically chains to full account takeover."
+      },
+      "stableId": "c48ab031d258e9c6",
+      "confidenceTier": "high",
+      "exploitability": 0,
+      "exploitabilityTier": "low",
+      "exploitabilityFactors": [
+        "sev:low",
+        "unreachable",
+        "waf"
+      ],
+      "clusterSize": null,
+      "unreachable": true,
+      "validator_verdict": "unvalidated",
+      "llm_confidence": null,
+      "unvalidated": true,
+      "cross_language": false,
+      "family": "idor",
+      "parser": "REGEX",
+      "_unsigned": false,
+      "_passThroughSigning": false,
+      "signatureStatus": "verified",
+      "regression_test": null,
+      "poc": null,
+      "calibrated_confidence": null,
+      "calibrated_confidence_ci": null,
+      "calibrated_n": 14,
+      "calibration_reason": "insufficient-samples",
+      "verifier_verdict": "cannot-verify",
+      "verifier_reason": "no-poc-no-sanitizer-rule",
+      "verifier_runner": null,
+      "narration": null,
+      "mitigationVerdict": "unreachable-in-prod",
+      "mitigationsApplied": [],
+      "mitigatedByWaf": false,
+      "wafRuleId": null,
+      "mitigatedByAuth": false,
+      "authMechanism": null,
+      "mitigatedByNetwork": false,
+      "networkExposure": null,
+      "featureFlag": null,
+      "featureFlagState": null,
+      "featureFlagRollout": null,
+      "exposedInProd": false,
+      "unreachableInProd": true,
+      "coldPath": false,
+      "hotPath": false,
+      "prodRequestCount": null,
+      "crownJewelScore": 0.4,
+      "crownJewelTier": "high-value",
+      "crownJewelFactors": [
+        "crypto-keys",
+        "shell-execution"
+      ],
+      "cloneClusterId": null,
+      "cloneClusterSize": 1,
+      "provenance": "human-likely",
+      "provenanceScore": 0.28,
+      "typeNarrowed": null,
+      "strideCategory": "spoofing",
+      "personaScores": {
+        "script-kiddie": {
+          "score": 0.2,
+          "tier": "low",
+          "factors": [
+            "sev:low"
+          ]
+        },
+        "opportunistic-criminal": {
+          "score": 0.65,
+          "tier": "high",
+          "factors": [
+            "sev:low",
+            "bias:idor+0.25",
+            "crown-jewel-adj"
+          ]
+        },
+        "apt-nation-state": {
+          "score": 0.2,
+          "tier": "low",
+          "factors": [
+            "sev:low"
+          ]
+        },
+        "supply-chain-attacker": {
+          "score": 0.2,
+          "tier": "low",
+          "factors": [
+            "sev:low"
+          ]
+        },
+        "malicious-insider": {
+          "score": 0.7,
+          "tier": "high",
+          "factors": [
+            "sev:low",
+            "bias:idor+0.30",
+            "authz-bypass-favored"
+          ]
+        }
+      },
+      "personaTopTwo": [
+        "malicious-insider",
+        "opportunistic-criminal"
+      ],
+      "personaMaxName": "malicious-insider",
+      "personaMaxScore": 0.7,
+      "reverseExposure": null,
+      "specMined": null,
+      "whyFired": {
+        "detector": "sast/idor",
+        "ruleId": "CWE-347",
+        "parser": "REGEX",
+        "evidence": {
+          "sinkSnippet": "// jwt.verify(token, key) — second arg is the secret, no options means no algorithm pinning.",
+          "sourceSnippet": null,
+          "pathSteps": [],
+          "sanitizers": [],
+          "guards": []
+        },
+        "considered": {
+          "suppressionsApplied": [],
+          "suppressionsSkipped": [],
+          "reachabilityFilter": "demoted",
+          "clusterCollapsed": false,
+          "typeNarrowed": false,
+          "crownJewelTier": "high-value",
+          "mitigationVerdict": "unreachable-in-prod"
+        },
+        "scanner": {
+          "rulesetVersion": null,
+          "packHash": null,
+          "modelId": null
+        }
+      },
+      "adversaryTranscript": null,
+      "predictedBountyUsd": {
+        "low": 0,
+        "likely": 30,
+        "high": 100,
+        "program": "web2"
+      },
+      "bountyConfidence": "medium",
+      "attackPlaybook": null
+    },
+    {
+      "id": "authz:crypto-protocol.js:333:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "kind": "authz",
+      "severity": "low",
+      "vuln": "AuthZ: jwt.verify called without algorithms allow-list",
+      "cwe": "CWE-347",
+      "owaspLlm": null,
+      "stride": "Elevation of Privilege",
+      "file": "crypto-protocol.js",
+      "line": 333,
+      "snippet": "// node jsonwebtoken: jwt.verify(token, secret[, options]) — without options, default algs include HS256.",
+      "fix": {
+        "description": "Pass `{ algorithms: [\"RS256\"] }` (or HS256) explicitly to `jwt.verify`. Without it, an attacker can forge a token using an unexpected algorithm (alg:none, or HS256-signed with the public key for an RS256 issuer).",
+        "code": ""
+      },
+      "reachable": false,
+      "triage": 39,
+      "dataClasses": [],
+      "chain": null,
+      "confidence": 0.85,
+      "toxicity": 3,
+      "toxicityFactors": [],
+      "toxicityLabel": "Low",
+      "sources": null,
+      "epssScore": null,
+      "epssPercentile": null,
+      "epssCve": null,
+      "exploitedNow": false,
+      "tags": null,
+      "blastRadius": {
+        "scope": "all-users",
+        "dataAtRisk": [
+          "auth-tokens"
+        ],
+        "userCount": 50,
+        "industry": "generic",
+        "jurisdictions": [],
+        "controlsApplied": [],
+        "dollarBest": 24500,
+        "dollarLikely": 139500,
+        "dollarWorst": 780000,
+        "dollarLow": 24500,
+        "dollarHigh": 780000,
+        "components": {
+          "incidentResponse": {
+            "low": 8000,
+            "likely": 50000,
+            "high": 250000
+          },
+          "legal": {
+            "low": 10000,
+            "likely": 75000,
+            "high": 500000
+          },
+          "crisisPR": {
+            "low": 0,
+            "likely": 0,
+            "high": 0
+          },
+          "notification": {
+            "low": 5000,
+            "likely": 10000,
+            "high": 15000
+          },
+          "creditMonitoring": {
+            "low": 0,
+            "likely": 0,
+            "high": 0
+          },
+          "regulatoryFines": {
+            "low": 0,
+            "likely": 0,
+            "high": 0
+          },
+          "directDamage": {
+            "low": 1500,
+            "likely": 4500,
+            "high": 15000
+          },
+          "classAction": {
+            "low": 0,
+            "likely": 0,
+            "high": 0
+          },
+          "lostBusiness": {
+            "low": 0,
+            "likely": 0,
+            "high": 0
+          }
+        },
+        "dominantDriver": "legal counsel",
+        "comparable": "JWT forging incidents — auth bypass typically chains to full account takeover",
+        "confidence": "low",
+        "narrative": "AuthZ: jwt.verify called without algorithms allow-list on `crypto-protocol.js:333` could expose session tokens for ~50 users. Context: general SaaS / no specific regulatory exposure. Estimated cost: best $25k · likely $140k · worst $780k. Dominant driver: legal counsel. Comparable: JWT forging incidents — auth bypass typically chains to full account takeover."
+      },
+      "stableId": "a5194d146d06f0d3",
+      "confidenceTier": "high",
+      "exploitability": 0,
+      "exploitabilityTier": "low",
+      "exploitabilityFactors": [
+        "sev:low",
+        "unreachable",
+        "waf"
+      ],
+      "clusterSize": null,
+      "unreachable": true,
+      "validator_verdict": "unvalidated",
+      "llm_confidence": null,
+      "unvalidated": true,
+      "cross_language": false,
+      "family": "idor",
+      "parser": "REGEX",
+      "_unsigned": false,
+      "_passThroughSigning": false,
+      "signatureStatus": "verified",
+      "regression_test": null,
+      "poc": null,
+      "calibrated_confidence": null,
+      "calibrated_confidence_ci": null,
+      "calibrated_n": 14,
+      "calibration_reason": "insufficient-samples",
+      "verifier_verdict": "cannot-verify",
+      "verifier_reason": "no-poc-no-sanitizer-rule",
+      "verifier_runner": null,
+      "narration": null,
+      "mitigationVerdict": "unreachable-in-prod",
+      "mitigationsApplied": [],
+      "mitigatedByWaf": false,
+      "wafRuleId": null,
+      "mitigatedByAuth": false,
+      "authMechanism": null,
+      "mitigatedByNetwork": false,
+      "networkExposure": null,
+      "featureFlag": null,
+      "featureFlagState": null,
+      "featureFlagRollout": null,
+      "exposedInProd": false,
+      "unreachableInProd": true,
+      "coldPath": false,
+      "hotPath": false,
+      "prodRequestCount": null,
+      "crownJewelScore": 0.4,
+      "crownJewelTier": "high-value",
+      "crownJewelFactors": [
+        "crypto-keys",
+        "shell-execution"
+      ],
+      "cloneClusterId": null,
+      "cloneClusterSize": 1,
+      "provenance": "human-likely",
+      "provenanceScore": 0.28,
+      "typeNarrowed": null,
+      "strideCategory": "spoofing",
+      "personaScores": {
+        "script-kiddie": {
+          "score": 0.2,
+          "tier": "low",
+          "factors": [
+            "sev:low"
+          ]
+        },
+        "opportunistic-criminal": {
+          "score": 0.65,
+          "tier": "high",
+          "factors": [
+            "sev:low",
+            "bias:idor+0.25",
+            "crown-jewel-adj"
+          ]
+        },
+        "apt-nation-state": {
+          "score": 0.2,
+          "tier": "low",
+          "factors": [
+            "sev:low"
+          ]
+        },
+        "supply-chain-attacker": {
+          "score": 0.2,
+          "tier": "low",
+          "factors": [
+            "sev:low"
+          ]
+        },
+        "malicious-insider": {
+          "score": 0.7,
+          "tier": "high",
+          "factors": [
+            "sev:low",
+            "bias:idor+0.30",
+            "authz-bypass-favored"
+          ]
+        }
+      },
+      "personaTopTwo": [
+        "malicious-insider",
+        "opportunistic-criminal"
+      ],
+      "personaMaxName": "malicious-insider",
+      "personaMaxScore": 0.7,
+      "reverseExposure": null,
+      "specMined": null,
+      "whyFired": {
+        "detector": "sast/idor",
+        "ruleId": "CWE-347",
+        "parser": "REGEX",
+        "evidence": {
+          "sinkSnippet": "// node jsonwebtoken: jwt.verify(token, secret[, options]) — without options, default algs include HS256.",
+          "sourceSnippet": null,
+          "pathSteps": [],
+          "sanitizers": [],
+          "guards": []
+        },
+        "considered": {
+          "suppressionsApplied": [],
+          "suppressionsSkipped": [],
+          "reachabilityFilter": "demoted",
+          "clusterCollapsed": false,
+          "typeNarrowed": false,
+          "crownJewelTier": "high-value",
+          "mitigationVerdict": "unreachable-in-prod"
+        },
+        "scanner": {
+          "rulesetVersion": null,
+          "packHash": null,
+          "modelId": null
+        }
+      },
+      "adversaryTranscript": null,
+      "predictedBountyUsd": {
+        "low": 0,
+        "likely": 30,
+        "high": 100,
+        "program": "web2"
+      },
+      "bountyConfidence": "medium",
+      "attackPlaybook": null
+    },
+    {
+      "id": "prompt-tpl:k8s-admission.js:139:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "kind": "sast",
+      "severity": "low",
+      "vuln": "Prompt Template: user input interpolated into prompt string without isolation",
+      "cwe": "CWE-1336",
+      "owaspLlm": null,
+      "stride": "Spoofing",
+      "file": "k8s-admission.js",
+      "line": 139,
+      "snippet": "`${kind} binds a role to system:anonymous / system:unauthenticated`,",
+      "fix": {
+        "description": "Prefer the messages array form: `messages=[{\"role\":\"system\",\"content\":SYS},{\"role\":\"user\",\"content\":user_input}]`. Or wrap interpolations with isolation markers and instruct the model to treat content inside them as data only.",
+        "code": ""
+      },
+      "reachable": false,
+      "triage": 39,
+      "dataClasses": [],
+      "chain": null,
+      "confidence": 0.204,
+      "toxicity": 3,
+      "toxicityFactors": [],
+      "toxicityLabel": "Low",
+      "sources": null,
+      "epssScore": null,
+      "epssPercentile": null,
+      "epssCve": null,
+      "exploitedNow": false,
+      "tags": null,
+      "blastRadius": {
+        "scope": "all-users",
+        "dataAtRisk": [
+          "config"
+        ],
+        "userCount": 50,
+        "industry": "generic",
+        "jurisdictions": [],
+        "controlsApplied": [],
+        "dollarBest": 23250,
+        "dollarLikely": 136250,
+        "dollarWorst": 775000,
+        "dollarLow": 23250,
+        "dollarHigh": 775000,
+        "components": {
+          "incidentResponse": {
+            "low": 8000,
+            "likely": 50000,
+            "high": 250000
+          },
+          "legal": {
+            "low": 10000,
+            "likely": 75000,
+            "high": 500000
+          },
+          "crisisPR": {
+            "low": 0,
+            "likely": 0,
+            "high": 0
+          },
+          "notification": {
+            "low": 5000,
+            "likely": 10000,
+            "high": 15000
+          },
+          "creditMonitoring": {
+            "low": 0,
+            "likely": 0,
+            "high": 0
+          },
+          "regulatoryFines": {
+            "low": 0,
+            "likely": 0,
+            "high": 0
+          },
+          "directDamage": {
+            "low": 250,
+            "likely": 1250,
+            "high": 10000
+          },
+          "classAction": {
+            "low": 0,
+            "likely": 0,
+            "high": 0
+          },
+          "lostBusiness": {
+            "low": 0,
+            "likely": 0,
+            "high": 0
+          }
+        },
+        "dominantDriver": "legal counsel",
+        "comparable": "Server-side template injection (Pug/Jinja2/Twig) → routine path to RCE",
+        "confidence": "low",
+        "narrative": "Prompt Template: user input interpolated into prompt string without isolation on `k8s-admission.js:139` could expose configuration / internal data. Context: general SaaS / no specific regulatory exposure. Estimated cost: best $23k · likely $136k · worst $775k. Dominant driver: legal counsel. Comparable: Server-side template injection (Pug/Jinja2/Twig) → routine path to RCE."
+      },
+      "stableId": "df30723aa047f227",
+      "confidenceTier": "very-low",
+      "exploitability": 0,
+      "exploitabilityTier": "low",
+      "exploitabilityFactors": [
+        "sev:low",
+        "unreachable",
+        "waf"
+      ],
+      "clusterSize": 2,
+      "unreachable": true,
+      "validator_verdict": "unvalidated",
+      "llm_confidence": null,
+      "unvalidated": true,
+      "cross_language": false,
+      "family": "prompt-template-user-input-interpolated-",
+      "parser": "REGEX",
+      "_unsigned": false,
+      "_passThroughSigning": false,
+      "signatureStatus": "verified",
+      "regression_test": null,
+      "poc": null,
+      "calibrated_confidence": null,
+      "calibrated_confidence_ci": null,
+      "calibrated_n": 0,
+      "calibration_reason": "no-history",
+      "verifier_verdict": "cannot-verify",
+      "verifier_reason": "no-poc-no-sanitizer-rule",
+      "verifier_runner": null,
+      "narration": null,
+      "mitigationVerdict": "unreachable-in-prod",
+      "mitigationsApplied": [],
+      "mitigatedByWaf": false,
+      "wafRuleId": null,
+      "mitigatedByAuth": false,
+      "authMechanism": null,
+      "mitigatedByNetwork": false,
+      "networkExposure": null,
+      "featureFlag": null,
+      "featureFlagState": null,
+      "featureFlagRollout": null,
+      "exposedInProd": false,
+      "unreachableInProd": true,
+      "coldPath": false,
+      "hotPath": false,
+      "prodRequestCount": null,
+      "crownJewelScore": 0.15,
+      "crownJewelTier": "low-value",
+      "crownJewelFactors": [
+        "shell-execution"
+      ],
+      "cloneClusterId": null,
+      "cloneClusterSize": 1,
+      "provenance": "human-likely",
+      "provenanceScore": 0.12,
+      "typeNarrowed": null,
+      "strideCategory": null,
+      "personaScores": {
+        "script-kiddie": {
+          "score": 0.2,
+          "tier": "low",
+          "factors": [
+            "sev:low"
+          ]
+        },
+        "opportunistic-criminal": {
+          "score": 0.2,
+          "tier": "low",
+          "factors": [
+            "sev:low"
+          ]
+        },
+        "apt-nation-state": {
+          "score": 0.2,
+          "tier": "low",
+          "factors": [
+            "sev:low"
+          ]
+        },
+        "supply-chain-attacker": {
+          "score": 0.2,
+          "tier": "low",
+          "factors": [
+            "sev:low"
+          ]
+        },
+        "malicious-insider": {
+          "score": 0.2,
+          "tier": "low",
+          "factors": [
+            "sev:low"
+          ]
+        }
+      },
+      "personaTopTwo": [
+        "script-kiddie",
+        "opportunistic-criminal"
+      ],
+      "personaMaxName": "script-kiddie",
+      "personaMaxScore": 0.2,
+      "reverseExposure": null,
+      "specMined": null,
+      "whyFired": {
+        "detector": "sast/prompt-template-user-input-interpolated-",
+        "ruleId": "CWE-1336",
+        "parser": "REGEX",
+        "evidence": {
+          "sinkSnippet": "`${kind} binds a role to system:anonymous / system:unauthenticated`,",
+          "sourceSnippet": null,
+          "pathSteps": [],
+          "sanitizers": [],
+          "guards": []
+        },
+        "considered": {
+          "suppressionsApplied": [],
+          "suppressionsSkipped": [],
+          "reachabilityFilter": "demoted",
+          "clusterCollapsed": true,
+          "typeNarrowed": false,
+          "crownJewelTier": "low-value",
+          "mitigationVerdict": "unreachable-in-prod"
+        },
+        "scanner": {
+          "rulesetVersion": null,
+          "packHash": null,
+          "modelId": null
+        }
+      },
+      "adversaryTranscript": null,
+      "predictedBountyUsd": null,
+      "bountyConfidence": null,
+      "attackPlaybook": null
+    },
     {
       "id": "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
       "kind": "sast",
@@ -2298,7 +3006,8 @@
       "exploitabilityTier": "low",
       "exploitabilityFactors": [
         "sev:low",
-        "unreachable"
+        "unreachable",
+        "waf"
       ],
       "clusterSize": null,
       "unreachable": true,
@@ -2525,7 +3234,8 @@
       "exploitabilityTier": "low",
       "exploitabilityFactors": [
         "sev:low",
-        "unreachable"
+        "unreachable",
+        "waf"
       ],
       "clusterSize": null,
       "unreachable": true,
@@ -2752,7 +3462,8 @@
       "exploitabilityTier": "low",
       "exploitabilityFactors": [
         "sev:low",
-        "unreachable"
+        "unreachable",
+        "waf"
       ],
       "clusterSize": null,
       "unreachable": true,
@@ -2979,7 +3690,8 @@
       "exploitabilityTier": "low",
       "exploitabilityFactors": [
         "sev:low",
-        "unreachable"
+        "unreachable",
+        "waf"
       ],
       "clusterSize": null,
       "unreachable": true,
@@ -3203,7 +3915,8 @@
       "exploitabilityTier": "low",
       "exploitabilityFactors": [
         "sev:low",
-        "unreachable"
+        "unreachable",
+        "waf"
       ],
       "clusterSize": null,
       "unreachable": true,
@@ -3448,7 +4161,8 @@
       "exploitabilityTier": "low",
       "exploitabilityFactors": [
         "sev:low",
-        "unreachable"
+        "unreachable",
+        "waf"
       ],
       "clusterSize": null,
       "unreachable": true,
@@ -3597,6 +4311,231 @@
       "bountyConfidence": "high",
       "attackPlaybook": null
     },
+    {
+      "id": "llm-redteam:noPromptInjectionDefense:llm-app.js:104",
+      "kind": "sast",
+      "severity": "low",
+      "vuln": "System prompt missing explicit anti-injection guidance — model may follow user-supplied \"ignore previous\" attacks",
+      "cwe": "CWE-77",
+      "owaspLlm": null,
+      "stride": null,
+      "file": "llm-app.js",
+      "line": 104,
+      "snippet": "'Pass system prompt and user message as separate role-tagged messages: `chat.create({messages: [{role:\"system\", content:S}, {role:\"user\", content:U}]})`. Concatenation merges the two trust levels into",
+      "fix": null,
+      "reachable": false,
+      "triage": 22,
+      "dataClasses": [],
+      "chain": null,
+      "confidence": 0.157,
+      "toxicity": 3,
+      "toxicityFactors": [],
+      "toxicityLabel": "Low",
+      "sources": null,
+      "epssScore": null,
+      "epssPercentile": null,
+      "epssCve": null,
+      "exploitedNow": false,
+      "tags": null,
+      "blastRadius": {
+        "scope": "all-users",
+        "dataAtRisk": [
+          "config"
+        ],
+        "userCount": 50,
+        "industry": "generic",
+        "jurisdictions": [],
+        "controlsApplied": [],
+        "dollarBest": 23250,
+        "dollarLikely": 136250,
+        "dollarWorst": 775000,
+        "dollarLow": 23250,
+        "dollarHigh": 775000,
+        "components": {
+          "incidentResponse": {
+            "low": 8000,
+            "likely": 50000,
+            "high": 250000
+          },
+          "legal": {
+            "low": 10000,
+            "likely": 75000,
+            "high": 500000
+          },
+          "crisisPR": {
+            "low": 0,
+            "likely": 0,
+            "high": 0
+          },
+          "notification": {
+            "low": 5000,
+            "likely": 10000,
+            "high": 15000
+          },
+          "creditMonitoring": {
+            "low": 0,
+            "likely": 0,
+            "high": 0
+          },
+          "regulatoryFines": {
+            "low": 0,
+            "likely": 0,
+            "high": 0
+          },
+          "directDamage": {
+            "low": 250,
+            "likely": 1250,
+            "high": 10000
+          },
+          "classAction": {
+            "low": 0,
+            "likely": 0,
+            "high": 0
+          },
+          "lostBusiness": {
+            "low": 0,
+            "likely": 0,
+            "high": 0
+          }
+        },
+        "dominantDriver": "legal counsel",
+        "comparable": "Generic finding — likely cost driven by user count + jurisdiction stack",
+        "confidence": "low",
+        "narrative": "System prompt missing explicit anti-injection guidance — model may follow user-supplied \"ignore previous\" attacks on `llm-app.js:104` could expose configuration / internal data. Context: general SaaS / no specific regulatory exposure. Estimated cost: best $23k · likely $136k · worst $775k. Dominant driver: legal counsel. Comparable: Generic finding — likely cost driven by user count + jurisdiction stack."
+      },
+      "stableId": "e7f84e7a70ed227a",
+      "confidenceTier": "very-low",
+      "exploitability": 0,
+      "exploitabilityTier": "low",
+      "exploitabilityFactors": [
+        "sev:low",
+        "unreachable",
+        "waf"
+      ],
+      "clusterSize": null,
+      "unreachable": true,
+      "validator_verdict": "unvalidated",
+      "llm_confidence": null,
+      "unvalidated": true,
+      "cross_language": false,
+      "family": "system-prompt-missing-explicit-anti-inje",
+      "parser": "REGEX",
+      "_unsigned": false,
+      "_passThroughSigning": false,
+      "signatureStatus": "verified",
+      "regression_test": null,
+      "poc": null,
+      "calibrated_confidence": null,
+      "calibrated_confidence_ci": null,
+      "calibrated_n": 0,
+      "calibration_reason": "no-history",
+      "verifier_verdict": "cannot-verify",
+      "verifier_reason": "no-poc-no-sanitizer-rule",
+      "verifier_runner": null,
+      "narration": null,
+      "mitigationVerdict": "unreachable-in-prod",
+      "mitigationsApplied": [],
+      "mitigatedByWaf": false,
+      "wafRuleId": null,
+      "mitigatedByAuth": false,
+      "authMechanism": null,
+      "mitigatedByNetwork": false,
+      "networkExposure": null,
+      "featureFlag": null,
+      "featureFlagState": null,
+      "featureFlagRollout": null,
+      "exposedInProd": false,
+      "unreachableInProd": true,
+      "coldPath": false,
+      "hotPath": false,
+      "prodRequestCount": null,
+      "crownJewelScore": 0.15,
+      "crownJewelTier": "low-value",
+      "crownJewelFactors": [
+        "shell-execution"
+      ],
+      "cloneClusterId": "248b4a9e5115c68b",
+      "cloneClusterSize": 1,
+      "provenance": "human-likely",
+      "provenanceScore": 0.22,
+      "typeNarrowed": null,
+      "strideCategory": "tampering",
+      "personaScores": {
+        "script-kiddie": {
+          "score": 0.2,
+          "tier": "low",
+          "factors": [
+            "sev:low"
+          ]
+        },
+        "opportunistic-criminal": {
+          "score": 0.2,
+          "tier": "low",
+          "factors": [
+            "sev:low"
+          ]
+        },
+        "apt-nation-state": {
+          "score": 0.2,
+          "tier": "low",
+          "factors": [
+            "sev:low"
+          ]
+        },
+        "supply-chain-attacker": {
+          "score": 0.2,
+          "tier": "low",
+          "factors": [
+            "sev:low"
+          ]
+        },
+        "malicious-insider": {
+          "score": 0.2,
+          "tier": "low",
+          "factors": [
+            "sev:low"
+          ]
+        }
+      },
+      "personaTopTwo": [
+        "script-kiddie",
+        "opportunistic-criminal"
+      ],
+      "personaMaxName": "script-kiddie",
+      "personaMaxScore": 0.2,
+      "reverseExposure": null,
+      "specMined": null,
+      "whyFired": {
+        "detector": "sast/system-prompt-missing-explicit-anti-inje",
+        "ruleId": "CWE-77",
+        "parser": "REGEX",
+        "evidence": {
+          "sinkSnippet": "'Pass system prompt and user message as separate role-tagged messages: `chat.create({messages: [{role:\"system\", content:S}, {role:\"user\", content:U}]})`. Concatenation merges the two trust levels into",
+          "sourceSnippet": null,
+          "pathSteps": [],
+          "sanitizers": [],
+          "guards": []
+        },
+        "considered": {
+          "suppressionsApplied": [],
+          "suppressionsSkipped": [],
+          "reachabilityFilter": "demoted",
+          "clusterCollapsed": false,
+          "typeNarrowed": false,
+          "crownJewelTier": "low-value",
+          "mitigationVerdict": "unreachable-in-prod"
+        },
+        "scanner": {
+          "rulesetVersion": null,
+          "packHash": null,
+          "modelId": null
+        }
+      },
+      "adversaryTranscript": null,
+      "predictedBountyUsd": null,
+      "bountyConfidence": null,
+      "attackPlaybook": null
+    },
     {
       "id": "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
       "kind": "sast",
@@ -3698,7 +4637,8 @@
       "exploitabilityTier": "low",
       "exploitabilityFactors": [
         "sev:low",
-        "unreachable"
+        "unreachable",
+        "waf"
       ],
       "clusterSize": null,
       "unreachable": true,
@@ -3927,7 +4867,8 @@
       "exploitabilityTier": "low",
       "exploitabilityFactors": [
         "sev:low",
-        "unreachable"
+        "unreachable",
+        "waf"
       ],
       "clusterSize": null,
       "unreachable": true,
@@ -4174,7 +5115,8 @@
       "exploitabilityTier": "low",
       "exploitabilityFactors": [
         "sev:low",
-        "unreachable"
+        "unreachable",
+        "waf"
       ],
       "clusterSize": null,
       "unreachable": true,
@@ -4421,7 +5363,8 @@
       "exploitabilityTier": "low",
       "exploitabilityFactors": [
         "sev:low",
-        "unreachable"
+        "unreachable",
+        "waf"
       ],
       "clusterSize": null,
       "unreachable": true,
@@ -4668,7 +5611,8 @@
       "exploitabilityTier": "low",
       "exploitabilityFactors": [
         "sev:low",
-        "unreachable"
+        "unreachable",
+        "waf"
       ],
       "clusterSize": null,
       "unreachable": true,
@@ -4834,7 +5778,7 @@
     }
   ],
   "components": [],
-  "suppressedCount": 25,
+  "suppressedCount": 32,
   "blastRadiusSignals": {
     "industry": "generic",
     "industryConfidence": "low",
@@ -4852,15 +5796,15 @@
   "_v3": {
     "counterfactual": {
       "spofControls": [],
-      "controlsDetected": 1928
+      "controlsDetected": 2344
     },
     "threatModel": {
       "summary": {
-        "assetCount": 13,
+        "assetCount": 14,
         "boundaryCount": 2,
         "strideCounts": {
-          "spoofing": 1,
-          "tampering": 8,
+          "spoofing": 3,
+          "tampering": 9,
           "repudiation": 0,
           "informationDisclosure": 0,
           "denialOfService": 3,
@@ -4903,6 +5847,13 @@
           "category": "session",
           "exposure": "internal"
         },
+        {
+          "name": "session",
+          "file": "cpp.js",
+          "line": 311,
+          "category": "session",
+          "exposure": "internal"
+        },
         {
           "name": "session",
           "file": "dart-flutter.js",
@@ -4981,6 +5932,18 @@
             "file": "authz.js",
             "line": 33,
             "severity": "low"
+          },
+          {
+            "vuln": "AuthZ: jwt.verify called without algorithms allow-list",
+            "file": "crypto-protocol.js",
+            "line": 332,
+            "severity": "low"
+          },
+          {
+            "vuln": "AuthZ: jwt.verify called without algorithms allow-list",
+            "file": "crypto-protocol.js",
+            "line": 333,
+            "severity": "low"
           }
         ],
         "tampering": [
@@ -5008,6 +5971,12 @@
             "line": 39,
             "severity": "low"
           },
+          {
+            "vuln": "System prompt missing explicit anti-injection guidance — model may follow user-supplied \"ignore previous\" attacks",
+            "file": "llm-app.js",
+            "line": 104,
+            "severity": "low"
+          },
           {
             "vuln": "SSRF: explicit reference to cloud instance-metadata endpoint",
             "file": "python-sinks.js",
@@ -5059,7 +6028,7 @@
       }
     },
     "trustBoundaryDiagram": {
-      "mermaid": "flowchart LR\n  INTERNET((Internet))\n  APP[\"Application\"]\n  db_dart_flutter_js_62[(\"db@dart-flutter.js:62\")]\n  db_llm_stored_prompt_js_16[(\"db@llm-stored-prompt.js:16\")]\n  asset_secret_NEXTAUTH_SECRET[/\"secret: NEXTAUTH_SECRET\"/]\n  asset_secret_OAUTH_CLIENT_SECRET[/\"secret: OAUTH_CLIENT_SECRET\"/]\n  asset_session_session[/\"session: session\"/]\n  asset_identity_identity[/\"identity: identity\"/]\n  asset_secret_STRIPE_WEBHOOK_SECRET[/\"secret: STRIPE_WEBHOOK_SECRET\"/]\n  APP -->|db| db_dart_flutter_js_62\n  APP -->|db| db_llm_stored_prompt_js_16\n  APP -->|asset| asset_secret_NEXTAUTH_SECRET\n  APP -->|asset| asset_secret_OAUTH_CLIENT_SECRET\n  APP -->|asset| asset_session_session\n  APP -->|asset| asset_session_session\n  APP -->|asset| asset_session_session\n  APP -->|asset| asset_session_session\n  APP -->|asset| asset_session_session\n  APP -->|asset| asset_session_session\n  APP -->|asset| asset_identity_identity\n  APP -->|asset| asset_identity_identity\n  APP -->|asset| asset_identity_identity\n  APP -->|asset| asset_secret_STRIPE_WEBHOOK_SECRET\n  classDef sev_critical fill:#ffcccc,stroke:#a00,stroke-width:2px;\n  classDef sev_high fill:#ffe0b2,stroke:#c60,stroke-width:2px;\n  classDef sev_medium fill:#fff3cd,stroke:#a80;\n  classDef sev_low fill:#e8eaf6,stroke:#557;",
+      "mermaid": "flowchart LR\n  INTERNET((Internet))\n  APP[\"Application\"]\n  db_dart_flutter_js_62[(\"db@dart-flutter.js:62\")]\n  db_llm_stored_prompt_js_16[(\"db@llm-stored-prompt.js:16\")]\n  asset_secret_NEXTAUTH_SECRET[/\"secret: NEXTAUTH_SECRET\"/]\n  asset_secret_OAUTH_CLIENT_SECRET[/\"secret: OAUTH_CLIENT_SECRET\"/]\n  asset_session_session[/\"session: session\"/]\n  asset_identity_identity[/\"identity: identity\"/]\n  APP -->|db| db_dart_flutter_js_62\n  APP -->|db| db_llm_stored_prompt_js_16\n  APP -->|asset| asset_secret_NEXTAUTH_SECRET\n  APP -->|asset| asset_secret_OAUTH_CLIENT_SECRET\n  APP -->|asset| asset_session_session\n  APP -->|asset| asset_session_session\n  APP -->|asset| asset_session_session\n  APP -->|asset| asset_session_session\n  APP -->|asset| asset_session_session\n  APP -->|asset| asset_session_session\n  APP -->|asset| asset_session_session\n  APP -->|asset| asset_identity_identity\n  APP -->|asset| asset_identity_identity\n  APP -->|asset| asset_identity_identity\n  classDef sev_critical fill:#ffcccc,stroke:#a00,stroke-width:2px;\n  classDef sev_high fill:#ffe0b2,stroke:#c60,stroke-width:2px;\n  classDef sev_medium fill:#fff3cd,stroke:#a80;\n  classDef sev_low fill:#e8eaf6,stroke:#557;",
       "nodes": [
         {
           "id": "INTERNET",
@@ -5100,11 +6069,6 @@
           "id": "asset_identity_identity",
           "kind": "asset",
           "label": "identity: identity"
-        },
-        {
-          "id": "asset_secret_STRIPE_WEBHOOK_SECRET",
-          "kind": "asset",
-          "label": "secret: STRIPE_WEBHOOK_SECRET"
         }
       ],
       "edges": [
@@ -5160,7 +6124,7 @@
         },
         {
           "from": "APP",
-          "to": "asset_identity_identity",
+          "to": "asset_session_session",
           "kind": "asset"
         },
         {
@@ -5175,7 +6139,7 @@
         },
         {
           "from": "APP",
-          "to": "asset_secret_STRIPE_WEBHOOK_SECRET",
+          "to": "asset_identity_identity",
           "kind": "asset"
         }
       ],