@panguard-ai/scan-core 0.1.2 → 1.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/context-signals.d.ts +4 -0
- package/dist/context-signals.d.ts.map +1 -1
- package/dist/context-signals.js +38 -19
- package/dist/context-signals.js.map +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -1
- package/dist/index.js.map +1 -1
- package/dist/instruction-patterns.d.ts.map +1 -1
- package/dist/instruction-patterns.js +22 -0
- package/dist/instruction-patterns.js.map +1 -1
- package/dist/markdown-utils.d.ts +20 -0
- package/dist/markdown-utils.d.ts.map +1 -1
- package/dist/markdown-utils.js +25 -0
- package/dist/markdown-utils.js.map +1 -1
- package/package.json +1 -1
|
@@ -5,6 +5,10 @@
|
|
|
5
5
|
* in skill content. Returns a multiplier that adjusts risk scoring.
|
|
6
6
|
*
|
|
7
7
|
* This is the single canonical implementation used by both CLI and Website.
|
|
8
|
+
*
|
|
9
|
+
* v1.4: Boosters now run against prose (code blocks stripped) to avoid
|
|
10
|
+
* false positives from documentation examples.
|
|
11
|
+
* Reducers expanded to recognise common CLI tools and API integrations.
|
|
8
12
|
*/
|
|
9
13
|
import type { ContextSignals } from './types.js';
|
|
10
14
|
interface ManifestLike {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"context-signals.d.ts","sourceRoot":"","sources":["../src/context-signals.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"context-signals.d.ts","sourceRoot":"","sources":["../src/context-signals.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAiB,cAAc,EAAiB,MAAM,YAAY,CAAC;AAiD/E,UAAU,YAAY;IACpB,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,QAAQ,CAAC,EAAE;QAClB,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;QAC1B,QAAQ,CAAC,QAAQ,CAAC,EAAE;YAClB,QAAQ,CAAC,QAAQ,CAAC,EAAE;gBAClB,QAAQ,CAAC,IAAI,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;aACnC,CAAC;SACH,CAAC;KACH,CAAC;IACF,QAAQ,CAAC,eAAe,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;CAC9C;AAED;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,YAAY,GAAG,IAAI,GAAG,SAAS,GACxC,cAAc,CAgKhB"}
|
package/dist/context-signals.js
CHANGED
|
@@ -5,6 +5,10 @@
|
|
|
5
5
|
* in skill content. Returns a multiplier that adjusts risk scoring.
|
|
6
6
|
*
|
|
7
7
|
* This is the single canonical implementation used by both CLI and Website.
|
|
8
|
+
*
|
|
9
|
+
* v1.4: Boosters now run against prose (code blocks stripped) to avoid
|
|
10
|
+
* false positives from documentation examples.
|
|
11
|
+
* Reducers expanded to recognise common CLI tools and API integrations.
|
|
8
12
|
*/
|
|
9
13
|
import { extractCodeBlocks, stripCodeBlocks } from './markdown-utils.js';
|
|
10
14
|
// ---------------------------------------------------------------------------
|
|
@@ -22,6 +26,10 @@ const DANGEROUS_INSTRUCTION_RE = /\b(rm\s+-rf|chmod\s+7|bash\s+-[ci]|sh\s+-c|cur
|
|
|
22
26
|
// Reducer Patterns (legitimate signals)
|
|
23
27
|
// ---------------------------------------------------------------------------
|
|
24
28
|
const DEV_TOOL_DESCRIPTION_RE = /\b(shell|cli|terminal|command[\s-]line|devops|qa\s+test|build\s+tool|development\s+tool|debugging|headless\s+browser|automation|deploy|scaffold|code\s+review|lint|format|testing\s+framework|package\s+manager|docker|container|kubernetes|ci[\s/]cd)\b/i;
|
|
29
|
+
// Recognises API integrations, connectors, and well-known service names
|
|
30
|
+
const API_INTEGRATION_RE = /\b(api\s+integration|api\s+client|connector|webhook|slack|discord|notion|github|gitlab|jira|trello|asana|linear|airtable|google\s+sheets|zapier|weather|wttr\.in|open[\s-]?meteo)\b/i;
|
|
31
|
+
// Well-known CLI tools that legitimately need shell access
|
|
32
|
+
const KNOWN_CLI_BINS_RE = /^(bash|sh|zsh|curl|wget|git|gh|jq|grep|sed|awk|find|rsync|scp|make|npm|npx|pnpm|yarn|pip|python|node|go|cargo|docker|kubectl|terraform|aws|gcloud|az|ffmpeg|convert|osascript|pbcopy|pbpaste|open|xdg-open)$/i;
|
|
25
33
|
/**
|
|
26
34
|
* Detect context signals from skill content and manifest.
|
|
27
35
|
*
|
|
@@ -31,8 +39,12 @@ const DEV_TOOL_DESCRIPTION_RE = /\b(shell|cli|terminal|command[\s-]line|devops|q
|
|
|
31
39
|
*/
|
|
32
40
|
export function detectContextSignals(content, manifest) {
|
|
33
41
|
const signals = [];
|
|
42
|
+
// Prepare prose for booster checks (strip code blocks to avoid doc examples)
|
|
43
|
+
const prose = stripCodeBlocks(content);
|
|
34
44
|
// -- Boosters --
|
|
35
|
-
|
|
45
|
+
// Run against prose only — attackers write malicious instructions in prose,
|
|
46
|
+
// not inside code block examples.
|
|
47
|
+
if (IMPORTANT_BLOCK_RE.test(prose)) {
|
|
36
48
|
signals.push({
|
|
37
49
|
id: 'boost-important-block',
|
|
38
50
|
type: 'booster',
|
|
@@ -40,7 +52,7 @@ export function detectContextSignals(content, manifest) {
|
|
|
40
52
|
weight: 0.5,
|
|
41
53
|
});
|
|
42
54
|
}
|
|
43
|
-
if (CONCEALMENT_RE.test(
|
|
55
|
+
if (CONCEALMENT_RE.test(prose)) {
|
|
44
56
|
signals.push({
|
|
45
57
|
id: 'boost-concealment',
|
|
46
58
|
type: 'booster',
|
|
@@ -48,7 +60,7 @@ export function detectContextSignals(content, manifest) {
|
|
|
48
60
|
weight: 0.5,
|
|
49
61
|
});
|
|
50
62
|
}
|
|
51
|
-
if (EXFIL_URL_RE.test(
|
|
63
|
+
if (EXFIL_URL_RE.test(prose)) {
|
|
52
64
|
signals.push({
|
|
53
65
|
id: 'boost-exfil-url',
|
|
54
66
|
type: 'booster',
|
|
@@ -56,7 +68,7 @@ export function detectContextSignals(content, manifest) {
|
|
|
56
68
|
weight: 0.4,
|
|
57
69
|
});
|
|
58
70
|
}
|
|
59
|
-
if (CONSENT_BYPASS_RE.test(
|
|
71
|
+
if (CONSENT_BYPASS_RE.test(prose)) {
|
|
60
72
|
signals.push({
|
|
61
73
|
id: 'boost-consent-bypass',
|
|
62
74
|
type: 'booster',
|
|
@@ -64,7 +76,7 @@ export function detectContextSignals(content, manifest) {
|
|
|
64
76
|
weight: 0.3,
|
|
65
77
|
});
|
|
66
78
|
}
|
|
67
|
-
if (CREDENTIAL_FILE_RE.test(
|
|
79
|
+
if (CREDENTIAL_FILE_RE.test(prose) && NETWORK_CALL_RE.test(prose)) {
|
|
68
80
|
signals.push({
|
|
69
81
|
id: 'boost-credential-plus-network',
|
|
70
82
|
type: 'booster',
|
|
@@ -73,8 +85,9 @@ export function detectContextSignals(content, manifest) {
|
|
|
73
85
|
});
|
|
74
86
|
}
|
|
75
87
|
// Description-behavior mismatch: benign description + dangerous instructions
|
|
88
|
+
// Also check prose only for the dangerous instruction side
|
|
76
89
|
const description = manifest?.description ?? '';
|
|
77
|
-
if (BENIGN_DESCRIPTION_RE.test(description) && DANGEROUS_INSTRUCTION_RE.test(
|
|
90
|
+
if (BENIGN_DESCRIPTION_RE.test(description) && DANGEROUS_INSTRUCTION_RE.test(prose)) {
|
|
78
91
|
signals.push({
|
|
79
92
|
id: 'boost-description-mismatch',
|
|
80
93
|
type: 'booster',
|
|
@@ -85,12 +98,12 @@ export function detectContextSignals(content, manifest) {
|
|
|
85
98
|
// -- Reducers --
|
|
86
99
|
// Declared tool capabilities (allowed-tools in frontmatter)
|
|
87
100
|
const declaredTools = manifest?.['allowed-tools'] ?? manifest?.metadata?.openclaw?.requires?.bins ?? [];
|
|
88
|
-
const
|
|
89
|
-
if (
|
|
101
|
+
const declaresKnownCLI = declaredTools.some((t) => KNOWN_CLI_BINS_RE.test(t));
|
|
102
|
+
if (declaresKnownCLI) {
|
|
90
103
|
signals.push({
|
|
91
104
|
id: 'reduce-declared-tools',
|
|
92
105
|
type: 'reducer',
|
|
93
|
-
label: 'Skill declares
|
|
106
|
+
label: 'Skill declares well-known CLI tool(s) in frontmatter',
|
|
94
107
|
weight: -0.3,
|
|
95
108
|
});
|
|
96
109
|
}
|
|
@@ -103,18 +116,24 @@ export function detectContextSignals(content, manifest) {
|
|
|
103
116
|
weight: -0.2,
|
|
104
117
|
});
|
|
105
118
|
}
|
|
119
|
+
// API integration description — legitimate connector/integration skill
|
|
120
|
+
if (API_INTEGRATION_RE.test(description)) {
|
|
121
|
+
signals.push({
|
|
122
|
+
id: 'reduce-api-integration',
|
|
123
|
+
type: 'reducer',
|
|
124
|
+
label: 'Description identifies as API integration or well-known service connector',
|
|
125
|
+
weight: -0.2,
|
|
126
|
+
});
|
|
127
|
+
}
|
|
106
128
|
// Structured frontmatter (well-formed skill)
|
|
129
|
+
// Relaxed: name + description is enough (most skills don't have version/license)
|
|
107
130
|
if (manifest?.name && manifest?.description) {
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
label: 'Well-structured frontmatter with name, description, and version/license',
|
|
115
|
-
weight: -0.1,
|
|
116
|
-
});
|
|
117
|
-
}
|
|
131
|
+
signals.push({
|
|
132
|
+
id: 'reduce-structured-frontmatter',
|
|
133
|
+
type: 'reducer',
|
|
134
|
+
label: 'Well-structured frontmatter with name and description',
|
|
135
|
+
weight: -0.1,
|
|
136
|
+
});
|
|
118
137
|
}
|
|
119
138
|
// Also check frontmatter from raw content (for website where manifest may be partial)
|
|
120
139
|
if (!manifest?.name) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"context-signals.js","sourceRoot":"","sources":["../src/context-signals.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"context-signals.js","sourceRoot":"","sources":["../src/context-signals.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAGH,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAEzE,8EAA8E;AAC9E,uCAAuC;AACvC,8EAA8E;AAE9E,MAAM,kBAAkB,GAAG,cAAc,CAAC;AAE1C,MAAM,cAAc,GAClB,iMAAiM,CAAC;AAEpM,MAAM,YAAY,GAChB,sIAAsI,CAAC;AAEzI,MAAM,iBAAiB,GACrB,+OAA+O,CAAC;AAElP,MAAM,kBAAkB,GACtB,4IAA4I,CAAC;AAE/I,MAAM,eAAe,GACnB,6EAA6E,CAAC;AAEhF,MAAM,qBAAqB,GACzB,mSAAmS,CAAC;AAEtS,MAAM,wBAAwB,GAC5B,iIAAiI,CAAC;AAEpI,8EAA8E;AAC9E,wCAAwC;AACxC,8EAA8E;AAE9E,MAAM,uBAAuB,GAC3B,2PAA2P,CAAC;AAE9P,wEAAwE;AACxE,MAAM,kBAAkB,GACtB,sLAAsL,CAAC;AAEzL,2DAA2D;AAC3D,MAAM,iBAAiB,GACrB,+MAA+M,CAAC;AAqBlN;;;;;;GAMG;AACH,MAAM,UAAU,oBAAoB,CAClC,OAAe,EACf,QAAyC;IAEzC,MAAM,OAAO,GAAoB,EAAE,CAAC;IAEpC,6EAA6E;IAC7E,MAAM,KAAK,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;IAEvC,iBAAiB;IACjB,4EAA4E;IAC5E,kCAAkC;IAElC,IAAI,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QACnC,OAAO,CAAC,IAAI,CAAC;YACX,EAAE,EAAE,uBAAuB;YAC3B,IAAI,EAAE,SAAS;YACf,KAAK,EAAE,+CAA+C;YACtD,MAAM,EAAE,GAAG;SACZ,CAAC,CAAC;IACL,CAAC;IAED,IAAI,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC/B,OAAO,CAAC,IAAI,CAAC;YACX,EAAE,EAAE,mBAAmB;YACvB,IAAI,EAAE,SAAS;YACf,KAAK,EAAE,wDAAwD;YAC/D,MAAM,EAAE,GAAG;SACZ,CAAC,CAAC;IACL,CAAC;IAED,IAAI,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO,CAAC,IAAI,CAAC;YACX,EAAE,EAAE,iBAAiB;YACrB,IAAI,EAAE,SAAS;YACf,KAAK,EAAE,mCAAmC;YAC1C,MAAM,EAAE,GAAG;SACZ,CAAC,CAAC;IACL,CAAC;IAED,IAAI,iBAAiB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAClC,OAAO,CAAC,IAAI,CAAC;YACX,EAAE,EAAE,sBAAsB;YAC1B,IAAI,EAAE,SAAS;YACf,KAAK,EAAE,kCAAkC;YACzC,MAAM,EAAE,GAAG;SACZ,CAAC,CAAC;IACL,CAAC;IAED,IAAI,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAClE,OAAO,CAAC,IAAI,CAAC;YACX,EAAE,EAAE,+BAA+B;YACnC,IAAI,EAAE,SAAS;YACf,KAAK,EAAE,oDAAoD;YAC3D,MAAM,EAAE,GAAG;SACZ,CAAC,CAAC;IACL,CAAC;IAED,6EAA6E;IAC7E,2DAA2D;IAC3D,MAAM,WAAW,GAAG,QAAQ,EAAE,WAAW,IAAI,EAAE,CAAC;IAChD,IAAI,qBAAqB,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,wBAAwB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QACpF,OAAO,CAAC,IAAI,CAAC;YACX,EAAE,EAAE,4BAA4B;YAChC,IAAI,EAAE,SAAS;YACf,KAAK,EAAE,4EAA4E;YACnF,MAAM,EAAE,GAAG;SACZ,CAAC,CAAC;IACL,CAAC;IAED,iBAAiB;IAEjB,4DAA4D;IAC5D,MAAM,aAAa,GACjB,QAAQ,EAAE,CAAC,eAAe,CAAC,IAAI,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,IAAI,EAAE,CAAC;IACpF,MAAM,gBAAgB,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;IACtF,IAAI,gBAAgB,EAAE,CAAC;QACrB,OAAO,CAAC,IAAI,CAAC;YACX,EAAE,EAAE,uBAAuB;YAC3B,IAAI,EAAE,SAAS;YACf,KAAK,EAAE,sDAAsD;YAC7D,MAAM,EAAE,CAAC,GAAG;SACb,CAAC,CAAC;IACL,CAAC;IAED,0DAA0D;IAC1D,IAAI,uBAAuB,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;QAC9C,OAAO,CAAC,IAAI,CAAC;YACX,EAAE,EAAE,gCAAgC;YACpC,IAAI,EAAE,SAAS;YACf,KAAK,EAAE,2CAA2C;YAClD,MAAM,EAAE,CAAC,GAAG;SACb,CAAC,CAAC;IACL,CAAC;IAED,uEAAuE;IACvE,IAAI,kBAAkB,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC;YACX,EAAE,EAAE,wBAAwB;YAC5B,IAAI,EAAE,SAAS;YACf,KAAK,EAAE,2EAA2E;YAClF,MAAM,EAAE,CAAC,GAAG;SACb,CAAC,CAAC;IACL,CAAC;IAED,6CAA6C;IAC7C,iFAAiF;IACjF,IAAI,QAAQ,EAAE,IAAI,IAAI,QAAQ,EAAE,WAAW,EAAE,CAAC;QAC5C,OAAO,CAAC,IAAI,CAAC;YACX,EAAE,EAAE,+BAA+B;YACnC,IAAI,EAAE,SAAS;YACf,KAAK,EAAE,uDAAuD;YAC9D,MAAM,EAAE,CAAC,GAAG;SACb,CAAC,CAAC;IACL,CAAC;IAED,sFAAsF;IACtF,IAAI,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC;QACpB,MAAM,cAAc,GAAG,4BAA4B,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAClE,MAAM,UAAU,GAAG,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACnD,MAAM,cAAc,GAAG,gDAAgD,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAEtF,IAAI,cAAc,EAAE,CAAC;YACnB,OAAO,CAAC,IAAI,CAAC;gBACX,EAAE,EAAE,uBAAuB;gBAC3B,IAAI,EAAE,SAAS;gBACf,KAAK,EAAE,gCAAgC;gBACvC,MAAM,EAAE,CAAC,GAAG;aACb,CAAC,CAAC;QACL,CAAC;QACD,IAAI,cAAc,IAAI,UAAU,EAAE,CAAC;YACjC,OAAO,CAAC,IAAI,CAAC;gBACX,EAAE,EAAE,+BAA+B;gBACnC,IAAI,EAAE,SAAS;gBACf,KAAK,EAAE,6BAA6B;gBACpC,MAAM,EAAE,CAAC,GAAG;aACb,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,yDAAyD;IACzD,MAAM,gBAAgB,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;IACpD,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,IAAI,wBAAwB,CAAC,IAAI,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACnF,MAAM,iBAAiB,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;QACnD,IAAI,CAAC,wBAAwB,CAAC,IAAI,CAAC,iBAAiB,CAAC,EAAE,CAAC;YACtD,OAAO,CAAC,IAAI,CAAC;gBACX,EAAE,EAAE,sBAAsB;gBAC1B,IAAI,EAAE,SAAS;gBACf,KAAK,EAAE,mEAAmE;gBAC1E,MAAM,EAAE,CAAC,GAAG;aACb,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,6BAA6B;IAE7B,IAAI,UAAU,GAAG,GAAG,CAAC;IACrB,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,UAAU,IAAI,MAAM,CAAC,MAAM,CAAC;IAC9B,CAAC;IACD,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC,CAAC;IAEtD,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,CAAC;AACjC,CAAC"}
|
package/dist/index.d.ts
CHANGED
|
@@ -6,7 +6,7 @@
|
|
|
6
6
|
export { scanContent } from './scanner.js';
|
|
7
7
|
export type { Severity, FindingCategory, Finding, CheckResult, RiskLevel, ContextSignal, ContextSignals, SkillMetadata, SkillManifest, ATRRuleCompiled, CompiledRule, ScanOptions, ScanResult, } from './types.js';
|
|
8
8
|
export { contentHash, patternHash } from './hash-utils.js';
|
|
9
|
-
export { stripMarkdownNoise, extractCodeBlocks, stripCodeBlocks } from './markdown-utils.js';
|
|
9
|
+
export { stripMarkdownNoise, extractCodeBlocks, stripCodeBlocks, stripNegationSections, prepareContent, } from './markdown-utils.js';
|
|
10
10
|
export { parseManifestFromString, parseSkillName } from './manifest-parser.js';
|
|
11
11
|
export { detectContextSignals } from './context-signals.js';
|
|
12
12
|
export { checkInstructions } from './instruction-patterns.js';
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAG3C,YAAY,EACV,QAAQ,EACR,eAAe,EACf,OAAO,EACP,WAAW,EACX,SAAS,EACT,aAAa,EACb,cAAc,EACd,aAAa,EACb,aAAa,EACb,eAAe,EACf,YAAY,EACZ,WAAW,EACX,UAAU,GACX,MAAM,YAAY,CAAC;AAGpB,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC3D,OAAO,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAG3C,YAAY,EACV,QAAQ,EACR,eAAe,EACf,OAAO,EACP,WAAW,EACX,SAAS,EACT,aAAa,EACb,cAAc,EACd,aAAa,EACb,aAAa,EACb,eAAe,EACf,YAAY,EACZ,WAAW,EACX,UAAU,GACX,MAAM,YAAY,CAAC;AAGpB,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC3D,OAAO,EACL,kBAAkB,EAClB,iBAAiB,EACjB,eAAe,EACf,qBAAqB,EACrB,cAAc,GACf,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,uBAAuB,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAC/E,OAAO,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAC5D,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC5D,YAAY,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACtD,OAAO,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -7,7 +7,7 @@
|
|
|
7
7
|
export { scanContent } from './scanner.js';
|
|
8
8
|
// Sub-modules (for consumers that need individual pieces)
|
|
9
9
|
export { contentHash, patternHash } from './hash-utils.js';
|
|
10
|
-
export { stripMarkdownNoise, extractCodeBlocks, stripCodeBlocks } from './markdown-utils.js';
|
|
10
|
+
export { stripMarkdownNoise, extractCodeBlocks, stripCodeBlocks, stripNegationSections, prepareContent, } from './markdown-utils.js';
|
|
11
11
|
export { parseManifestFromString, parseSkillName } from './manifest-parser.js';
|
|
12
12
|
export { detectContextSignals } from './context-signals.js';
|
|
13
13
|
export { checkInstructions } from './instruction-patterns.js';
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,mBAAmB;AACnB,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAmB3C,0DAA0D;AAC1D,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC3D,OAAO,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,mBAAmB;AACnB,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAmB3C,0DAA0D;AAC1D,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC3D,OAAO,EACL,kBAAkB,EAClB,iBAAiB,EACjB,eAAe,EACf,qBAAqB,EACrB,cAAc,GACf,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,uBAAuB,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAC/E,OAAO,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAC5D,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAE5D,OAAO,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"instruction-patterns.d.ts","sourceRoot":"","sources":["../src/instruction-patterns.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,WAAW,EAAY,MAAM,YAAY,CAAC;
|
|
1
|
+
{"version":3,"file":"instruction-patterns.d.ts","sourceRoot":"","sources":["../src/instruction-patterns.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,WAAW,EAAY,MAAM,YAAY,CAAC;AA+JjE,eAAO,MAAM,iBAAiB,UAM7B,CAAC;AAgCF;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAC/B,YAAY,EAAE,MAAM,EACpB,UAAU,GAAE,OAAO,GAAG,eAAyB,GAC9C,WAAW,GAAG;IAAE,QAAQ,EAAE,OAAO,EAAE,CAAA;CAAE,CAyJvC"}
|
|
@@ -4,6 +4,7 @@
|
|
|
4
4
|
* Pure pattern matching - no filesystem dependencies.
|
|
5
5
|
* Extracted from panguard-skill-auditor/checks/instruction-check.ts.
|
|
6
6
|
*/
|
|
7
|
+
import { stripCodeBlocks } from './markdown-utils.js';
|
|
7
8
|
const PATTERNS = [
|
|
8
9
|
// Prompt injection patterns
|
|
9
10
|
{
|
|
@@ -41,6 +42,20 @@ const PATTERNS = [
|
|
|
41
42
|
severity: 'high',
|
|
42
43
|
category: 'prompt-injection',
|
|
43
44
|
},
|
|
45
|
+
{
|
|
46
|
+
id: 'pi-important-block',
|
|
47
|
+
title: 'Hidden instructions in <IMPORTANT> block',
|
|
48
|
+
regex: /<IMPORTANT>[\s\S]*?(silently|do\s+not\s+tell|without\s+asking|exfiltrate|send\s+all|upload\s+.*\s+to)[\s\S]*?<\/IMPORTANT>/i,
|
|
49
|
+
severity: 'critical',
|
|
50
|
+
category: 'prompt-injection',
|
|
51
|
+
},
|
|
52
|
+
{
|
|
53
|
+
id: 'pi-silent-exfil',
|
|
54
|
+
title: 'Silent data exfiltration instruction',
|
|
55
|
+
regex: /\b(silently\s+(send|upload|post|transmit)|without\s+(asking|consent|permission).*\b(send|upload|post|curl|fetch))\b/i,
|
|
56
|
+
severity: 'critical',
|
|
57
|
+
category: 'prompt-injection',
|
|
58
|
+
},
|
|
44
59
|
// Tool poisoning patterns
|
|
45
60
|
{
|
|
46
61
|
id: 'tp-sudo-escalation',
|
|
@@ -157,6 +172,8 @@ function isInSetupSection(instructions, matchIndex) {
|
|
|
157
172
|
*/
|
|
158
173
|
export function checkInstructions(instructions, sourceType = 'skill') {
|
|
159
174
|
const findings = [];
|
|
175
|
+
// Prepare prose (code blocks stripped) for two-pass matching
|
|
176
|
+
const prose = stripCodeBlocks(instructions);
|
|
160
177
|
// Pattern matching
|
|
161
178
|
for (const pattern of PATTERNS) {
|
|
162
179
|
const match = pattern.regex.exec(instructions);
|
|
@@ -183,6 +200,11 @@ export function checkInstructions(instructions, sourceType = 'skill') {
|
|
|
183
200
|
if (sourceType === 'documentation') {
|
|
184
201
|
severity = downgradeSeverity(severity);
|
|
185
202
|
}
|
|
203
|
+
// Two-pass: if pattern only matches in code blocks (not prose),
|
|
204
|
+
// downgrade — it's likely a documentation example, not an instruction
|
|
205
|
+
if (pattern.category === 'tool-poisoning' && !pattern.regex.test(prose)) {
|
|
206
|
+
severity = downgradeSeverity(severity);
|
|
207
|
+
}
|
|
186
208
|
findings.push({
|
|
187
209
|
id: pattern.id,
|
|
188
210
|
title: pattern.title,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"instruction-patterns.js","sourceRoot":"","sources":["../src/instruction-patterns.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;
|
|
1
|
+
{"version":3,"file":"instruction-patterns.js","sourceRoot":"","sources":["../src/instruction-patterns.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AActD,MAAM,QAAQ,GAAuB;IACnC,4BAA4B;IAC5B;QACE,EAAE,EAAE,oBAAoB;QACxB,KAAK,EAAE,gDAAgD;QACvD,KAAK,EACH,yIAAyI;QAC3I,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,kBAAkB;KAC7B;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,KAAK,EAAE,qCAAqC;QAC5C,KAAK,EACH,kNAAkN;QACpN,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,kBAAkB;KAC7B;IACD;QACE,EAAE,EAAE,kBAAkB;QACtB,KAAK,EAAE,8CAA8C;QACrD,KAAK,EAAE,6EAA6E;QACpF,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,kBAAkB;KAC7B;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,KAAK,EAAE,qCAAqC;QAC5C,KAAK,EACH,gMAAgM;QAClM,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,kBAAkB;KAC7B;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,KAAK,EAAE,wCAAwC;QAC/C,KAAK,EAAE,gEAAgE;QACvE,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,kBAAkB;KAC7B;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,KAAK,EAAE,0CAA0C;QACjD,KAAK,EAAE,6HAA6H;QACpI,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,kBAAkB;KAC7B;IACD;QACE,EAAE,EAAE,iBAAiB;QACrB,KAAK,EAAE,sCAAsC;QAC7C,KAAK,EAAE,sHAAsH;QAC7H,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,kBAAkB;KAC7B;IAED,0BAA0B;IAC1B;QACE,EAAE,EAAE,oBAAoB;QACxB,KAAK,EAAE,qCAAqC;QAC5C,KAAK,EAAE,gFAAgF;QACvF,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,gBAAgB;KAC3B;IACD;QACE,EAAE,EAAE,kBAAkB;QACtB,KAAK,EAAE,gCAAgC;QACvC,KAAK,EACH,8MAA8M;QAChN,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,gBAAgB;KAC3B;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,KAAK,EAAE,qCAAqC;QAC5C,KAAK,EAAE,kEAAkE;QACzE,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,gBAAgB;KAC3B;IACD;QACE,EAAE,EAAE,cAAc;QAClB,KAAK,EAAE,mCAAmC;QAC1C,KAAK,EACH,uGAAuG;QACzG,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,gBAAgB;KAC3B;IACD;QACE,EAAE,EAAE,eAAe;QACnB,KAAK,EAAE,+BAA+B;QACtC,KAAK,EACH,mGAAmG;QACrG,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,gBAAgB;KAC3B;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,KAAK,EAAE,6BAA6B;QACpC,KAAK,EAAE,0DAA0D;QACjE,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,gBAAgB;KAC3B;CACF,CAAC;AAEF,8EAA8E;AAC9E,+BAA+B;AAC/B,8EAA8E;AAE9E,mEAAmE;AACnE,MAAM,iBAAiB,GACrB,gIAAgI,CAAC;AAEnI,iDAAiD;AACjD,MAAM,kBAAkB,GAAG,qBAAqB,CAAC;AAEjD,mFAAmF;AACnF,MAAM,aAAa,GAA2B;IAC5C,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG;IAC1D,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG;IAC1D,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG;IAC1D,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG;IAC1D,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG;IAC1D,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG;IAC3C,QAAQ;IACR,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG;IAC1D,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG;IAC1D,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG;IAC1D,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG;IAC1D,QAAQ,EAAE,GAAG;CACd,CAAC;AACF,MAAM,YAAY,GAAG,IAAI,MAAM,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC;AAE5E,wCAAwC;AACxC,MAAM,eAAe,GAAG,2BAA2B,CAAC;AACpD,MAAM,kBAAkB,GACtB,4FAA4F,CAAC;AAE/F,oCAAoC;AACpC,MAAM,aAAa,GAAG,0BAA0B,CAAC;AACjD,MAAM,YAAY,GAAG,4BAA4B,CAAC;AAElD,8EAA8E;AAC9E,oBAAoB;AACpB,8EAA8E;AAE9E,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC/B,gBAAgB,EAAE,gBAAgB,EAAE,2BAA2B;IAC/D,sCAAsC,EAAE,cAAc,EAAE,mBAAmB;IAC3E,qBAAqB,EAAE,SAAS,EAAE,kBAAkB;IACpD,oCAAoC,EAAE,sBAAsB,EAAE,gBAAgB;IAC9E,cAAc;CACf,CAAC;AAEF,SAAS,oBAAoB,CAAC,YAAoB,EAAE,UAAkB;IACpE,MAAM,SAAS,GAAG,YAAY,CAAC,WAAW,CAAC,IAAI,EAAE,UAAU,CAAC,GAAG,CAAC,CAAC;IACjE,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;IACvD,MAAM,IAAI,GAAG,YAAY,CAAC,SAAS,CAAC,SAAS,EAAE,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;IACnG,OAAO,iBAAiB,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;AAC3E,CAAC;AAED,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E,SAAS,iBAAiB,CAAC,QAAkB;IAC3C,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,UAAU,CAAC,CAAC,OAAO,QAAQ,CAAC;QACjC,KAAK,MAAM,CAAC,CAAC,OAAO,KAAK,CAAC;QAC1B,KAAK,QAAQ,CAAC,CAAC,OAAO,KAAK,CAAC;QAC5B,KAAK,KAAK,CAAC,CAAC,OAAO,MAAM,CAAC;QAC1B,OAAO,CAAC,CAAC,OAAO,QAAQ,CAAC;IAC3B,CAAC;AACH,CAAC;AAED,SAAS,gBAAgB,CAAC,YAAoB,EAAE,UAAkB;IAChE,MAAM,MAAM,GAAG,YAAY,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,GAAG,GAAG,CAAC,EAAE,UAAU,CAAC,CAAC,WAAW,EAAE,CAAC;IAC/F,OAAO,uGAAuG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AAC9H,CAAC;AAED,8EAA8E;AAC9E,aAAa;AACb,8EAA8E;AAE9E;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAC/B,YAAoB,EACpB,aAAwC,OAAO;IAE/C,MAAM,QAAQ,GAAc,EAAE,CAAC;IAE/B,6DAA6D;IAC7D,MAAM,KAAK,GAAG,eAAe,CAAC,YAAY,CAAC,CAAC;IAE5C,mBAAmB;IACnB,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC/C,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,OAAO,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;YAE1E,iEAAiE;YACjE,IAAI,OAAO,CAAC,EAAE,KAAK,mBAAmB,IAAI,oBAAoB,CAAC,YAAY,EAAE,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC1F,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,OAAO,CAAC,EAAE;oBACd,KAAK,EAAE,GAAG,OAAO,CAAC,KAAK,8BAA8B;oBACrD,WAAW,EAAE,sBAAsB,OAAO,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,sDAAsD;oBAC/H,QAAQ,EAAE,KAAK;oBACf,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,QAAQ,EAAE,YAAY,OAAO,EAAE;iBAChC,CAAC,CAAC;gBACH,SAAS;YACX,CAAC;YAED,mEAAmE;YACnE,IAAI,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;YAChC,IAAI,gBAAgB,CAAC,YAAY,EAAE,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;gBAChD,QAAQ,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;YACzC,CAAC;YAED,+DAA+D;YAC/D,IAAI,UAAU,KAAK,eAAe,EAAE,CAAC;gBACnC,QAAQ,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;YACzC,CAAC;YAED,gEAAgE;YAChE,sEAAsE;YACtE,IAAI,OAAO,CAAC,QAAQ,KAAK,gBAAgB,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;gBACxE,QAAQ,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;YACzC,CAAC;YAED,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,OAAO,CAAC,EAAE;gBACd,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,WAAW,EAAE,sBAAsB,OAAO,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG;gBAC5E,QAAQ;gBACR,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,QAAQ,EAAE,YAAY,OAAO,EAAE;aAChC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,uBAAuB;IACvB,MAAM,YAAY,GAAG,iBAAiB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAC1D,IAAI,YAAY,EAAE,CAAC;QACjB,MAAM,OAAO,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC,EAAE,YAAY,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;QACjF,MAAM,QAAQ,GAAG,YAAY,CAAC,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACtD,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,gBAAgB;YACpB,KAAK,EAAE,oCAAoC;YAC3C,WAAW,EAAE,+BAA+B,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,YAAY,OAAO,oDAAoD;YACvK,QAAQ,EAAE,MAAM;YAChB,QAAQ,EAAE,kBAAkB;YAC5B,QAAQ,EAAE,YAAY,OAAO,EAAE;SAChC,CAAC,CAAC;IACL,CAAC;IAED,sBAAsB;IACtB,MAAM,cAAc,GAAG,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACvD,IAAI,cAAc,EAAE,CAAC;QACnB,MAAM,OAAO,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC,EAAE,cAAc,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;QACnF,MAAM,QAAQ,GAAG,cAAc,CAAC,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACxD,MAAM,KAAK,GAAG,aAAa,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC;QACtD,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,kBAAkB;YACtB,KAAK,EAAE,8BAA8B;YACrC,WAAW,EAAE,+BAA+B,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,iBAAiB,KAAK,cAAc,OAAO,0DAA0D;YACrM,QAAQ,EAAE,MAAM;YAChB,QAAQ,EAAE,kBAAkB;YAC5B,QAAQ,EAAE,YAAY,OAAO,EAAE;SAChC,CAAC,CAAC;IACL,CAAC;IAED,oCAAoC;IACpC,MAAM,UAAU,GAAG,YAAY,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;IACvD,IAAI,UAAU,EAAE,CAAC;QACf,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;YAC7B,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;gBAC7D,IAAI,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;oBACrC,QAAQ,CAAC,IAAI,CAAC;wBACZ,EAAE,EAAE,iBAAiB;wBACrB,KAAK,EAAE,mCAAmC;wBAC1C,WAAW,EAAE,kDAAkD,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM;wBAC7F,QAAQ,EAAE,UAAU;wBACpB,QAAQ,EAAE,kBAAkB;qBAC7B,CAAC,CAAC;oBACH,MAAM;gBACR,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,yBAAyB;YAC3B,CAAC;QACH,CAAC;IACH,CAAC;IAED,4BAA4B;IAC5B,MAAM,cAAc,GAAG,kBAAkB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAC7D,IAAI,cAAc,EAAE,CAAC;QACnB,MAAM,OAAO,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC,EAAE,cAAc,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;QACnF,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,iBAAiB;YACrB,KAAK,EAAE,qCAAqC;YAC5C,WAAW,EAAE,4CAA4C,OAAO,mFAAmF;YACnJ,QAAQ,EAAE,MAAM;YAChB,QAAQ,EAAE,kBAAkB;YAC5B,QAAQ,EAAE,YAAY,OAAO,EAAE;SAChC,CAAC,CAAC;IACL,CAAC;IAED,gCAAgC;IAChC,KAAK,MAAM,KAAK,IAAI,CAAC,aAAa,EAAE,YAAY,CAAC,EAAE,CAAC;QAClD,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC1C,IAAI,QAAQ,EAAE,CAAC;YACb,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;gBAC5C,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;gBAC1D,IAAI,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;oBACrC,QAAQ,CAAC,IAAI,CAAC;wBACZ,EAAE,EAAE,qBAAqB;wBACzB,KAAK,EAAE,gCAAgC;wBACvC,WAAW,EAAE,sDAAsD,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM;wBACjG,QAAQ,EAAE,UAAU;wBACpB,QAAQ,EAAE,kBAAkB;qBAC7B,CAAC,CAAC;oBACH,MAAM;gBACR,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,sBAAsB;YACxB,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,WAAW,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC;IACpE,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC;IAC5D,MAAM,MAAM,GAAG,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC;IAE/F,MAAM,KAAK,GACT,QAAQ,CAAC,MAAM,KAAK,CAAC;QACnB,CAAC,CAAC,+CAA+C;QACjD,CAAC,CAAC,kBAAkB,QAAQ,CAAC,MAAM,iCAAiC,CAAC;IAEzE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;AACrC,CAAC"}
|
package/dist/markdown-utils.d.ts
CHANGED
|
@@ -13,4 +13,24 @@ export declare function stripMarkdownNoise(raw: string): string;
|
|
|
13
13
|
export declare function extractCodeBlocks(content: string): string;
|
|
14
14
|
/** Remove fenced code blocks from content */
|
|
15
15
|
export declare function stripCodeBlocks(content: string): string;
|
|
16
|
+
/**
|
|
17
|
+
* Strip negation/exclusion sections from content.
|
|
18
|
+
* Removes "When NOT to use", "Do NOT", "Never" sections that describe
|
|
19
|
+
* what the skill does NOT do — preventing false positives when these
|
|
20
|
+
* sections mention dangerous keywords for contrast.
|
|
21
|
+
*/
|
|
22
|
+
export declare function stripNegationSections(content: string): string;
|
|
23
|
+
/**
|
|
24
|
+
* Prepare content for security checks by separating prose from code blocks
|
|
25
|
+
* and removing negation sections. All check modules should use this
|
|
26
|
+
* instead of running patterns against raw content.
|
|
27
|
+
*/
|
|
28
|
+
export declare function prepareContent(raw: string): {
|
|
29
|
+
/** Prose only: code blocks and negation sections removed */
|
|
30
|
+
prose: string;
|
|
31
|
+
/** Content inside code blocks only */
|
|
32
|
+
codeBlocks: string;
|
|
33
|
+
/** Raw content unchanged */
|
|
34
|
+
raw: string;
|
|
35
|
+
};
|
|
16
36
|
//# sourceMappingURL=markdown-utils.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"markdown-utils.d.ts","sourceRoot":"","sources":["../src/markdown-utils.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAetD;AAED,8CAA8C;AAC9C,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAQzD;AAED,6CAA6C;AAC7C,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAEvD"}
|
|
1
|
+
{"version":3,"file":"markdown-utils.d.ts","sourceRoot":"","sources":["../src/markdown-utils.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAetD;AAED,8CAA8C;AAC9C,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAQzD;AAED,6CAA6C;AAC7C,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAEvD;AAED;;;;;GAKG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAW7D;AAED;;;;GAIG;AACH,wBAAgB,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG;IAC3C,4DAA4D;IAC5D,KAAK,EAAE,MAAM,CAAC;IACd,sCAAsC;IACtC,UAAU,EAAE,MAAM,CAAC;IACnB,4BAA4B;IAC5B,GAAG,EAAE,MAAM,CAAC;CACb,CAIA"}
|
package/dist/markdown-utils.js
CHANGED
|
@@ -38,4 +38,29 @@ export function extractCodeBlocks(content) {
|
|
|
38
38
|
export function stripCodeBlocks(content) {
|
|
39
39
|
return content.replace(/```[\s\S]*?```/g, ' ');
|
|
40
40
|
}
|
|
41
|
+
/**
|
|
42
|
+
* Strip negation/exclusion sections from content.
|
|
43
|
+
* Removes "When NOT to use", "Do NOT", "Never" sections that describe
|
|
44
|
+
* what the skill does NOT do — preventing false positives when these
|
|
45
|
+
* sections mention dangerous keywords for contrast.
|
|
46
|
+
*/
|
|
47
|
+
export function stripNegationSections(content) {
|
|
48
|
+
// Remove lines/paragraphs that are clearly negation context
|
|
49
|
+
let cleaned = content;
|
|
50
|
+
// Remove bullet points starting with negation
|
|
51
|
+
cleaned = cleaned.replace(/^[\s-]*(?:❌|✗|✘)\s+.*$/gm, ' ');
|
|
52
|
+
// Remove "When NOT to use" / "Do NOT use" section headers + following bullets
|
|
53
|
+
cleaned = cleaned.replace(/^#{1,4}\s+(?:when\s+)?(?:not?\s+(?:to\s+)?use|don[''\u2019]?t\s+use|never\s+use).*$(?:\n(?:[-*]\s+.*|[ \t]+.*|\s*)$)*/gim, ' ');
|
|
54
|
+
return cleaned;
|
|
55
|
+
}
|
|
56
|
+
/**
|
|
57
|
+
* Prepare content for security checks by separating prose from code blocks
|
|
58
|
+
* and removing negation sections. All check modules should use this
|
|
59
|
+
* instead of running patterns against raw content.
|
|
60
|
+
*/
|
|
61
|
+
export function prepareContent(raw) {
|
|
62
|
+
const codeBlocks = extractCodeBlocks(raw);
|
|
63
|
+
const prose = stripNegationSections(stripCodeBlocks(raw));
|
|
64
|
+
return { prose, codeBlocks, raw };
|
|
65
|
+
}
|
|
41
66
|
//# sourceMappingURL=markdown-utils.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"markdown-utils.js","sourceRoot":"","sources":["../src/markdown-utils.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAAC,GAAW;IAC5C,IAAI,OAAO,GAAG,GAAG,CAAC;IAClB,wCAAwC;IACxC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,iBAAiB,EAAE,GAAG,CAAC,CAAC;IAClD,kDAAkD;IAClD,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,mBAAmB,EAAE,GAAG,CAAC,CAAC;IACpD,6BAA6B;IAC7B,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;IAC3C,qBAAqB;IACrB,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;IAC7C,6CAA6C;IAC7C,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,wBAAwB,EAAE,IAAI,CAAC,CAAC;IAC1D,mBAAmB;IACnB,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;IAC3C,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,8CAA8C;AAC9C,MAAM,UAAU,iBAAiB,CAAC,OAAe;IAC/C,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,EAAE,GAAG,iBAAiB,CAAC;IAC7B,IAAI,KAA6B,CAAC;IAClC,OAAO,CAAC,KAAK,GAAG,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC3C,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACxB,CAAC;IACD,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC3B,CAAC;AAED,6CAA6C;AAC7C,MAAM,UAAU,eAAe,CAAC,OAAe;IAC7C,OAAO,OAAO,CAAC,OAAO,CAAC,iBAAiB,EAAE,GAAG,CAAC,CAAC;AACjD,CAAC"}
|
|
1
|
+
{"version":3,"file":"markdown-utils.js","sourceRoot":"","sources":["../src/markdown-utils.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAAC,GAAW;IAC5C,IAAI,OAAO,GAAG,GAAG,CAAC;IAClB,wCAAwC;IACxC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,iBAAiB,EAAE,GAAG,CAAC,CAAC;IAClD,kDAAkD;IAClD,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,mBAAmB,EAAE,GAAG,CAAC,CAAC;IACpD,6BAA6B;IAC7B,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;IAC3C,qBAAqB;IACrB,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;IAC7C,6CAA6C;IAC7C,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,wBAAwB,EAAE,IAAI,CAAC,CAAC;IAC1D,mBAAmB;IACnB,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;IAC3C,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,8CAA8C;AAC9C,MAAM,UAAU,iBAAiB,CAAC,OAAe;IAC/C,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,EAAE,GAAG,iBAAiB,CAAC;IAC7B,IAAI,KAA6B,CAAC;IAClC,OAAO,CAAC,KAAK,GAAG,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC3C,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACxB,CAAC;IACD,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC3B,CAAC;AAED,6CAA6C;AAC7C,MAAM,UAAU,eAAe,CAAC,OAAe;IAC7C,OAAO,OAAO,CAAC,OAAO,CAAC,iBAAiB,EAAE,GAAG,CAAC,CAAC;AACjD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,qBAAqB,CAAC,OAAe;IACnD,4DAA4D;IAC5D,IAAI,OAAO,GAAG,OAAO,CAAC;IACtB,8CAA8C;IAC9C,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,0BAA0B,EAAE,GAAG,CAAC,CAAC;IAC3D,8EAA8E;IAC9E,OAAO,GAAG,OAAO,CAAC,OAAO,CACvB,0HAA0H,EAC1H,GAAG,CACJ,CAAC;IACF,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,cAAc,CAAC,GAAW;IAQxC,MAAM,UAAU,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC;IAC1C,MAAM,KAAK,GAAG,qBAAqB,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1D,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG,EAAE,CAAC;AACpC,CAAC"}
|