@guava-parity/guard-scanner 16.0.2 → 17.0.0

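--- a/package/README.md
+++ b/package/README.md
@@ -29,7 +29,7 @@ Traditional security tools catch malware. **guard-scanner** catches what they mi
 ```
 $ npx @guava-parity/guard-scanner ./skills/ --strict --soul-lock --compliance owasp-asi
 
-guard-scanner v16.0.1
+guard-scanner v16.0.2
 
 ⚠ CRITICAL identity-hijack SOUL_OVERWRITE_ATTEMPT
 skills/imported-tool/SKILL.md:47
@@ -219,6 +219,10 @@ When running as an MCP server, guard-scanner exposes:
 | `check_tool_call` | Runtime validation of a single tool invocation |
 | `audit_assets` | Audit npm/GitHub/ClawHub for credential exposure |
 | `get_stats` | Return scanner capabilities, 5-layer summary, and ASI coverage |
+| `experimental.run_async` | Start a long-running async scan task |
+| `experimental.task_status` | Check the status of an async task |
+| `experimental.task_result` | Retrieve the result of a completed async task |
+| `experimental.task_cancel` | Cancel a running async task |
 
 ---
 
@@ -228,7 +232,7 @@ guard-scanner ships a measured quality contract, not a vague strength claim.
 
 | Metric | Contract |
 |--------|----------|
-| Benchmark corpus | `2026-03-13.quality-v1` |
+| Benchmark corpus | `2026-03-15.quality-v17` |
 | Precision target | `>= 0.90` |
 | Recall target | `>= 0.90` |
 | False Positive Rate budget | `<= 0.10` |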
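--- a/package/README_ja.md
+++ b/package/README_ja.md
@@ -33,7 +33,7 @@
 ```
 $ npx @guava-parity/guard-scanner ./skills/ --strict --soul-lock --compliance owasp-asi
 
-guard-scanner v16.0.1
+guard-scanner v16.0.2
 
 ⚠ CRITICAL identity-hijack SOUL_OVERWRITE_ATTEMPT
 skills/imported-tool/SKILL.md:47
@@ -223,6 +223,10 @@ MCPサーバーとして実行時に公開されるツール:
 | `check_tool_call` | 単一ツール呼び出しのランタイム検証 |
 | `audit_assets` | npm/GitHub/ClawHubの認証情報露出監査 |
 | `get_stats` | スキャナー能力、5-layer 概要、ASI カバレッジの取得 |
+| `experimental.run_async` | 非同期スキャンタスクの開始 |
+| `experimental.task_status` | 非同期タスクの状態確認 |
+| `experimental.task_result` | 完了した非同期タスクの結果取得 |
+| `experimental.task_cancel` | 実行中の非同期タスクのキャンセル |
 
 ---
 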
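--- a/package/dist/cli.cjs
+++ b/package/dist/cli.cjs
@@ -1074,7 +1074,7 @@ var init_v16_taxonomy = __esm({
 };
 CATEGORY_OWASP_ASI = {
 "prompt-injection": ["ASI01"],
-"malicious-code": ["ASI02"],
+"malicious-code": ["ASI02", "ASI05"],
 "suspicious-download": ["ASI02", "ASI04"],
 "credential-handling": ["ASI02", "ASI07"],
 "secret-detection": ["ASI02", "ASI07"],
@@ -1092,7 +1092,25 @@ var init_v16_taxonomy = __esm({
 "config-impact": ["ASI10"],
 "trust-boundary": ["ASI01", "ASI07"],
 "runtime-policy": ["ASI07"],
-"pii-exposure": ["ASI02", "ASI06"]
+"pii-exposure": ["ASI02", "ASI06"],
+// ── v17: OWASP Agentic Top 10 2026 完全カバレッジ ──
+"autonomous-risk": ["ASI03", "ASI08", "ASI10"],
+"sandbox-escape": ["ASI05"],
+"supply-chain-v2": ["ASI04"],
+"model-poisoning": ["ASI06"],
+"inference-manipulation": ["ASI01", "ASI09"],
+"api-abuse": ["ASI02", "ASI03"],
+"safeguard-bypass": ["ASI01", "ASI09"],
+"prompt-worm": ["ASI07", "ASI08"],
+"leaky-skills": ["ASI02", "ASI06"],
+"obfuscation": ["ASI01"],
+"advanced-exfil": ["ASI02", "ASI06"],
+"vdb-injection": ["ASI06"],
+"data-exposure": ["ASI02", "ASI06"],
+"canvas-injection": ["ASI05"],
+"context-crush": ["ASI08"],
+"solana-identity-bypass": ["ASI03", "ASI10"],
+"cve-patterns": ["ASI04", "ASI05"]
 };
 }
 });
@@ -1859,13 +1877,13 @@ var init_package = __esm({
 "package.json"() {
 package_default = {
 name: "@guava-parity/guard-scanner",
-version: "16.0.2",
+version: "17.0.0",
 type: "module",
 publishConfig: {
 access: "public",
 registry: "https://registry.npmjs.org/"
 },
-description: "Agent Skill Security Scanner - ASI Sanctuary Enforcer (v16)",
+description: "Agent Skill Security Scanner - ASI Sanctuary Enforcer (v17 \u2014 OWASP Agentic Top 10 2026 Full Coverage)",
 openclaw: {
 extensions: [
 "./dist/openclaw-plugin.mjs"
@@ -1940,6 +1958,7 @@ var init_package = __esm({
 "compaction-persistence",
 "threat-signatures",
 "owasp",
+"owasp-agentic-top-10",
 "discovery",
 "daemon",
 "typescript"
@@ -4407,8 +4426,8 @@ var capabilities_default;
 var init_capabilities = __esm({
 "docs/spec/capabilities.json"() {
 capabilities_default = {
-package_version: "16.0.2",
-plugin_version: "16.0.2",
+package_version: "17.0.0",
+plugin_version: "17.0.0",
 static_pattern_count: 364,
 threat_category_count: 35,
 runtime_check_count: 27,
@@ -4521,53 +4540,115 @@ var init_capabilities = __esm({
 owasp_asi_coverage: [
 {
 id: "ASI01",
-count: 11,
+count: 46,
 categories: [
-"prompt-injection"
+"inference-manipulation",
+"obfuscation",
+"prompt-injection",
+"safeguard-bypass",
+"trust-boundary"
 ]
 },
 {
 id: "ASI02",
-count: 28,
+count: 85,
 categories: [
+"advanced-exfil",
+"api-abuse",
 "credential-handling",
+"data-exposure",
 "exfiltration",
+"leaky-skills",
 "malicious-code",
 "pii-exposure",
 "secret-detection",
 "suspicious-download"
 ]
 },
+{
+id: "ASI03",
+count: 21,
+categories: [
+"api-abuse",
+"autonomous-risk",
+"solana-identity-bypass"
+]
+},
 {
 id: "ASI04",
-count: 8,
+count: 69,
 categories: [
+"cve-patterns",
+"supply-chain-v2",
 "suspicious-download",
 "unverifiable-deps"
 ]
 },
 {
 id: "ASI05",
-count: 2,
+count: 78,
 categories: [
-"financial-access"
+"canvas-injection",
+"cve-patterns",
+"financial-access",
+"malicious-code",
+"sandbox-escape"
 ]
 },
 {
 id: "ASI06",
-count: 10,
+count: 65,
 categories: [
+"advanced-exfil",
+"data-exposure",
 "exfiltration",
+"leaky-skills",
 "memory-poisoning",
-"pii-exposure"
+"model-poisoning",
+"pii-exposure",
+"vdb-injection"
 ]
 },
 {
 id: "ASI07",
-count: 9,
+count: 76,
 categories: [
+"a2a-contagion",
+"agent-protocol",
 "credential-handling",
-"secret-detection"
+"mcp-security",
+"prompt-worm",
+"secret-detection",
+"trust-boundary"
+]
+},
+{
+id: "ASI08",
+count: 31,
+categories: [
+"autonomous-risk",
+"context-crush",
+"persistence",
+"prompt-worm"
+]
+},
+{
+id: "ASI09",
+count: 23,
+categories: [
+"inference-manipulation",
+"safeguard-bypass",
+"trust-exploitation"
+]
+},
+{
+id: "ASI10",
+count: 46,
+categories: [
+"autonomous-risk",
+"config-impact",
+"identity-hijack",
+"solana-identity-bypass"
 ]
 }
 ],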
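Review bot: The capabilities spec in the `init_capabilities` hunk still reports `threat_category_count: 35` and `static_pattern_count: 364` (context lines right after the bumped `plugin_version`), while the same release adds seventeen new keys to CATEGORY_OWASP_ASI and raises every per-ASI `count` several-fold (ASI02 28→85, ASI05 2→78); if those two counters are derived from the same taxonomy they look stale and should be regenerated together with the coverage table. The coverage lists were already out of sync before this change — `"trust-boundary": ["ASI01", "ASI07"]` is an unchanged line in the taxonomy hunk, yet ASI01's old `categories` held only `"prompt-injection"` — which suggests `owasp_asi_coverage` is maintained by hand; deriving it from CATEGORY_OWASP_ASI at build time would stop the two from drifting again. The added marker `// ── v17: OWASP Agentic Top 10 2026 完全カバレッジ ──` is the only non-English comment visible in these hunks; `// ── v17: full OWASP Agentic Top 10 (2026) coverage ──` would match the rest of the file. The dist/cli.mjs and dist/index.cjs sections below carry identical hunks and the same points apply there. Since all three are bundled outputs, the fix belongs in the source taxonomy and docs/spec/capabilities.json rather than in dist.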
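--- a/package/dist/cli.mjs
+++ b/package/dist/cli.mjs
@@ -1059,7 +1059,7 @@ var init_v16_taxonomy = __esm({
 };
 CATEGORY_OWASP_ASI = {
 "prompt-injection": ["ASI01"],
-"malicious-code": ["ASI02"],
+"malicious-code": ["ASI02", "ASI05"],
 "suspicious-download": ["ASI02", "ASI04"],
 "credential-handling": ["ASI02", "ASI07"],
 "secret-detection": ["ASI02", "ASI07"],
@@ -1077,7 +1077,25 @@ var init_v16_taxonomy = __esm({
 "config-impact": ["ASI10"],
 "trust-boundary": ["ASI01", "ASI07"],
 "runtime-policy": ["ASI07"],
-"pii-exposure": ["ASI02", "ASI06"]
+"pii-exposure": ["ASI02", "ASI06"],
+// ── v17: OWASP Agentic Top 10 2026 完全カバレッジ ──
+"autonomous-risk": ["ASI03", "ASI08", "ASI10"],
+"sandbox-escape": ["ASI05"],
+"supply-chain-v2": ["ASI04"],
+"model-poisoning": ["ASI06"],
+"inference-manipulation": ["ASI01", "ASI09"],
+"api-abuse": ["ASI02", "ASI03"],
+"safeguard-bypass": ["ASI01", "ASI09"],
+"prompt-worm": ["ASI07", "ASI08"],
+"leaky-skills": ["ASI02", "ASI06"],
+"obfuscation": ["ASI01"],
+"advanced-exfil": ["ASI02", "ASI06"],
+"vdb-injection": ["ASI06"],
+"data-exposure": ["ASI02", "ASI06"],
+"canvas-injection": ["ASI05"],
+"context-crush": ["ASI08"],
+"solana-identity-bypass": ["ASI03", "ASI10"],
+"cve-patterns": ["ASI04", "ASI05"]
 };
 }
 });
@@ -1842,13 +1860,13 @@ var init_package = __esm({
 "package.json"() {
 package_default = {
 name: "@guava-parity/guard-scanner",
-version: "16.0.2",
+version: "17.0.0",
 type: "module",
 publishConfig: {
 access: "public",
 registry: "https://registry.npmjs.org/"
 },
-description: "Agent Skill Security Scanner - ASI Sanctuary Enforcer (v16)",
+description: "Agent Skill Security Scanner - ASI Sanctuary Enforcer (v17 \u2014 OWASP Agentic Top 10 2026 Full Coverage)",
 openclaw: {
 extensions: [
 "./dist/openclaw-plugin.mjs"
@@ -1923,6 +1941,7 @@ var init_package = __esm({
 "compaction-persistence",
 "threat-signatures",
 "owasp",
+"owasp-agentic-top-10",
 "discovery",
 "daemon",
 "typescript"
@@ -4390,8 +4409,8 @@ var capabilities_default;
 var init_capabilities = __esm({
 "docs/spec/capabilities.json"() {
 capabilities_default = {
-package_version: "16.0.2",
-plugin_version: "16.0.2",
+package_version: "17.0.0",
+plugin_version: "17.0.0",
 static_pattern_count: 364,
 threat_category_count: 35,
 runtime_check_count: 27,
@@ -4504,53 +4523,115 @@ var init_capabilities = __esm({
 owasp_asi_coverage: [
 {
 id: "ASI01",
-count: 11,
+count: 46,
 categories: [
-"prompt-injection"
+"inference-manipulation",
+"obfuscation",
+"prompt-injection",
+"safeguard-bypass",
+"trust-boundary"
 ]
 },
 {
 id: "ASI02",
-count: 28,
+count: 85,
 categories: [
+"advanced-exfil",
+"api-abuse",
 "credential-handling",
+"data-exposure",
 "exfiltration",
+"leaky-skills",
 "malicious-code",
 "pii-exposure",
 "secret-detection",
 "suspicious-download"
 ]
 },
+{
+id: "ASI03",
+count: 21,
+categories: [
+"api-abuse",
+"autonomous-risk",
+"solana-identity-bypass"
+]
+},
 {
 id: "ASI04",
-count: 8,
+count: 69,
 categories: [
+"cve-patterns",
+"supply-chain-v2",
 "suspicious-download",
 "unverifiable-deps"
 ]
 },
 {
 id: "ASI05",
-count: 2,
+count: 78,
 categories: [
-"financial-access"
+"canvas-injection",
+"cve-patterns",
+"financial-access",
+"malicious-code",
+"sandbox-escape"
 ]
 },
 {
 id: "ASI06",
-count: 10,
+count: 65,
 categories: [
+"advanced-exfil",
+"data-exposure",
 "exfiltration",
+"leaky-skills",
 "memory-poisoning",
-"pii-exposure"
+"model-poisoning",
+"pii-exposure",
+"vdb-injection"
 ]
 },
 {
 id: "ASI07",
-count: 9,
+count: 76,
 categories: [
+"a2a-contagion",
+"agent-protocol",
 "credential-handling",
-"secret-detection"
+"mcp-security",
+"prompt-worm",
+"secret-detection",
+"trust-boundary"
+]
+},
+{
+id: "ASI08",
+count: 31,
+categories: [
+"autonomous-risk",
+"context-crush",
+"persistence",
+"prompt-worm"
+]
+},
+{
+id: "ASI09",
+count: 23,
+categories: [
+"inference-manipulation",
+"safeguard-bypass",
+"trust-exploitation"
+]
+},
+{
+id: "ASI10",
+count: 46,
+categories: [
+"autonomous-risk",
+"config-impact",
+"identity-hijack",
+"solana-identity-bypass"
 ]
 }
 ],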
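--- a/package/dist/index.cjs
+++ b/package/dist/index.cjs
@@ -981,7 +981,7 @@ var CATEGORY_LAYER = {
 };
 var CATEGORY_OWASP_ASI = {
 "prompt-injection": ["ASI01"],
-"malicious-code": ["ASI02"],
+"malicious-code": ["ASI02", "ASI05"],
 "suspicious-download": ["ASI02", "ASI04"],
 "credential-handling": ["ASI02", "ASI07"],
 "secret-detection": ["ASI02", "ASI07"],
@@ -999,7 +999,25 @@ var CATEGORY_OWASP_ASI = {
 "config-impact": ["ASI10"],
 "trust-boundary": ["ASI01", "ASI07"],
 "runtime-policy": ["ASI07"],
-"pii-exposure": ["ASI02", "ASI06"]
+"pii-exposure": ["ASI02", "ASI06"],
+// ── v17: OWASP Agentic Top 10 2026 完全カバレッジ ──
+"autonomous-risk": ["ASI03", "ASI08", "ASI10"],
+"sandbox-escape": ["ASI05"],
+"supply-chain-v2": ["ASI04"],
+"model-poisoning": ["ASI06"],
+"inference-manipulation": ["ASI01", "ASI09"],
+"api-abuse": ["ASI02", "ASI03"],
+"safeguard-bypass": ["ASI01", "ASI09"],
+"prompt-worm": ["ASI07", "ASI08"],
+"leaky-skills": ["ASI02", "ASI06"],
+"obfuscation": ["ASI01"],
+"advanced-exfil": ["ASI02", "ASI06"],
+"vdb-injection": ["ASI06"],
+"data-exposure": ["ASI02", "ASI06"],
+"canvas-injection": ["ASI05"],
+"context-crush": ["ASI08"],
+"solana-identity-bypass": ["ASI03", "ASI10"],
+"cve-patterns": ["ASI04", "ASI05"]
 };
 function unique(values) {
 return [...new Set((values || []).filter(Boolean))];
@@ -1786,13 +1804,13 @@ function analyzeMetaGuard(input = {}) {
 // package.json
 var package_default = {
 name: "@guava-parity/guard-scanner",
-version: "16.0.2",
+version: "17.0.0",
 type: "module",
 publishConfig: {
 access: "public",
 registry: "https://registry.npmjs.org/"
 },
-description: "Agent Skill Security Scanner - ASI Sanctuary Enforcer (v16)",
+description: "Agent Skill Security Scanner - ASI Sanctuary Enforcer (v17 \u2014 OWASP Agentic Top 10 2026 Full Coverage)",
 openclaw: {
 extensions: [
 "./dist/openclaw-plugin.mjs"
@@ -1867,6 +1885,7 @@ var package_default = {
 "compaction-persistence",
 "threat-signatures",
 "owasp",
+"owasp-agentic-top-10",
 "discovery",
 "daemon",
 "typescript"
@@ -4293,8 +4312,8 @@ var import_os2 = __toESM(require("os"), 1);
 
 // docs/spec/capabilities.json
 var capabilities_default = {
-package_version: "16.0.2",
-plugin_version: "16.0.2",
+package_version: "17.0.0",
+plugin_version: "17.0.0",
 static_pattern_count: 364,
 threat_category_count: 35,
 runtime_check_count: 27,
@@ -4407,53 +4426,115 @@ var capabilities_default = {
 owasp_asi_coverage: [
 {
 id: "ASI01",
-count: 11,
+count: 46,
 categories: [
-"prompt-injection"
+"inference-manipulation",
+"obfuscation",
+"prompt-injection",
+"safeguard-bypass",
+"trust-boundary"
 ]
 },
 {
 id: "ASI02",
-count: 28,
+count: 85,
 categories: [
+"advanced-exfil",
+"api-abuse",
 "credential-handling",
+"data-exposure",
 "exfiltration",
+"leaky-skills",
 "malicious-code",
 "pii-exposure",
 "secret-detection",
 "suspicious-download"
 ]
 },
+{
+id: "ASI03",
+count: 21,
+categories: [
+"api-abuse",
+"autonomous-risk",
+"solana-identity-bypass"
+]
+},
 {
 id: "ASI04",
-count: 8,
+count: 69,
 categories: [
+"cve-patterns",
+"supply-chain-v2",
 "suspicious-download",
 "unverifiable-deps"
 ]
 },
 {
 id: "ASI05",
-count: 2,
+count: 78,
 categories: [
-"financial-access"
+"canvas-injection",
+"cve-patterns",
+"financial-access",
+"malicious-code",
+"sandbox-escape"
 ]
 },
 {
 id: "ASI06",
-count: 10,
+count: 65,
 categories: [
+"advanced-exfil",
+"data-exposure",
 "exfiltration",
+"leaky-skills",
 "memory-poisoning",
-"pii-exposure"
+"model-poisoning",
+"pii-exposure",
+"vdb-injection"
 ]
 },
 {
 id: "ASI07",
-count: 9,
+count: 76,
 categories: [
+"a2a-contagion",
+"agent-protocol",
 "credential-handling",
-"secret-detection"
+"mcp-security",
+"prompt-worm",
+"secret-detection",
+"trust-boundary"
+]
+},
+{
+id: "ASI08",
+count: 31,
+categories: [
+"autonomous-risk",
+"context-crush",
+"persistence",
+"prompt-worm"
+]
+},
+{
+id: "ASI09",
+count: 23,
+categories: [
+"inference-manipulation",
+"safeguard-bypass",
+"trust-exploitation"
+]
+},
+{
+id: "ASI10",
+count: 46,
+categories: [
+"autonomous-risk",
+"config-impact",
+"identity-hijack",
+"solana-identity-bypass"
 ]
 }
 ],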