@panguard-ai/scan-core 0.1.2 → 1.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/__tests__/atr-engine.test.js +3 -2
- package/dist/__tests__/atr-engine.test.js.map +1 -1
- package/dist/__tests__/context-signals.test.js +2 -1
- package/dist/__tests__/context-signals.test.js.map +1 -1
- package/dist/__tests__/hash-utils.test.js +1 -0
- package/dist/__tests__/hash-utils.test.js.map +1 -1
- package/dist/__tests__/manifest-parser.test.js +2 -6
- package/dist/__tests__/manifest-parser.test.js.map +1 -1
- package/dist/__tests__/risk-scorer.test.js +2 -4
- package/dist/__tests__/risk-scorer.test.js.map +1 -1
- package/dist/__tests__/scanner.test.js +15 -40
- package/dist/__tests__/scanner.test.js.map +1 -1
- package/dist/atr-engine.d.ts +2 -0
- package/dist/atr-engine.d.ts.map +1 -1
- package/dist/atr-engine.js +23 -6
- package/dist/atr-engine.js.map +1 -1
- package/dist/context-signals.d.ts +4 -0
- package/dist/context-signals.d.ts.map +1 -1
- package/dist/context-signals.js +142 -19
- package/dist/context-signals.js.map +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -1
- package/dist/index.js.map +1 -1
- package/dist/instruction-patterns.d.ts.map +1 -1
- package/dist/instruction-patterns.js +86 -20
- package/dist/instruction-patterns.js.map +1 -1
- package/dist/markdown-utils.d.ts +20 -0
- package/dist/markdown-utils.d.ts.map +1 -1
- package/dist/markdown-utils.js +26 -1
- package/dist/markdown-utils.js.map +1 -1
- package/dist/risk-scorer.d.ts.map +1 -1
- package/dist/risk-scorer.js +18 -5
- package/dist/risk-scorer.js.map +1 -1
- package/dist/scanner.d.ts.map +1 -1
- package/dist/scanner.js +17 -5
- package/dist/scanner.js.map +1 -1
- package/package.json +9 -9
- package/LICENSE +0 -21
package/dist/atr-engine.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"atr-engine.js","sourceRoot":"","sources":["../src/atr-engine.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;
|
|
1
|
+
{"version":3,"file":"atr-engine.js","sourceRoot":"","sources":["../src/atr-engine.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAE9D,8EAA8E;AAC9E,mBAAmB;AACnB,8EAA8E;AAE9E;;;;GAIG;AACH,SAAS,WAAW,CAAC,EAAU;IAC7B,MAAM,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC;IACtB,6EAA6E;IAC7E,IAAI,oBAAoB,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IACjD,2DAA2D;IAC3D,IAAI,sBAAsB,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IACnD,iEAAiE;IACjE,IAAI,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IACzC,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,KAAiC;IAC5D,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QAC1B,GAAG,IAAI;QACP,QAAQ,EAAE,IAAI,CAAC,QAAQ;aACpB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;YACT,IAAI,CAAC;gBACH,sEAAsE;gBACtE,MAAM,mBAAmB,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;gBACtD,MAAM,OAAO,GAAG,mBAAmB,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;gBACpF,MAAM,KAAK,GAAG,mBAAmB,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC7C,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;gBACzC,mCAAmC;gBACnC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC;oBAAE,OAAO,IAAI,CAAC;gBACrC,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;YACjC,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC,CAAC;aACD,MAAM,CAAC,OAAO,CAA2C;KAC7D,CAAC,CAAC,CAAC;AACN,CAAC;AAED,8EAA8E;AAC9E,yBAAyB;AACzB,8EAA8E;AAE9E,SAAS,kBAAkB,CAAC,OAAe;IACzC,MAAM,UAAU,GAAG,wEAAwE,CAAC;IAC5F,IAAI,KAA6B,CAAC;IAClC,IAAI,KAAK,GAAG,KAAK,CAAC;IAClB,OAAO,CAAC,KAAK,GAAG,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACnD,KAAK,GAAG,IAAI,CAAC;QACb,MAAM,SAAS,GAAG,OAAO,CAAC,WAAW,CAAC,IAAI,EAAE,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC7D,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QACrE,MAAM,IAAI,GAAG,OAAO,CAAC,SAAS,CAAC,SAAS,EAAE,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;QAC9F,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;QACjF,IAAI,CAAC,MAAM;YAAE,OAAO,KAAK,CAAC;IAC5B,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,iBAAiB,CAAC,QAAgB,EAAE,eAAuB;IAClE,MAAM,oBAAoB,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,CAAC,CAAC;IACzF,MAAM,SAAS,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;IACzC,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;QAAE,OAAO,KAAK,CAAC;IAC7E,OAAO,kBAAkB,CAAC,eAAe,CAAC,CAAC;AAC7C,CAAC;AAED,SAAS,iBAAiB,CAAC,QAAgB;IACzC,MAAM,GAAG,GAA6B;QACpC,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,KAAK;QACX,MAAM,EAAE,KAAK;QACb,GAAG,EAAE,MAAM;QACX,IAAI,EAAE,MAAM;KACb,CAAC;IACF,OAAO,GAAG,CAAC,QAAQ,CAAC,IAAI,MAAM,CAAC;AACjC,CAAC;AAiBD;;;;;GAKG;AACH,MAAM,UAAU,WAAW,CACzB,OAAe,EACf,KAA8B,EAC9B,UAA0B,EAAE;IAM5B,MAAM,EAAE,QAAQ,GAAG,KAAK,EAAE,iBAAiB,GAAG,KAAK,EAAE,WAAW,GAAG,KAAK,EAAE,gBAAgB,GAAG,KAAK,EAAE,GAAG,OAAO,CAAC;IAC/G,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,cAAc,GAAG,IAAI,GAAG,EAAU,CAAC;IACzC,MAAM,eAAe,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;IAEpD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YAAE,SAAS;QAE1C,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YACrC,IAAI,CAAC;gBACH,MAAM,UAAU,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBAChD,QAAQ,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC;gBAC7B,MAAM,eAAe,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;gBAC7D,QAAQ,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC;gBAE7B,IAAI,UAAU,EAAE,CAAC;oBACf,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;oBAC5B,MAAM,YAAY,GAAG,CACnB,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC;wBACnE,CAAC,CAAC,IAAI,CAAC,QAAQ;wBACf,CAAC,CAAC,QAAQ,CACD,CAAC;oBAEd,IAAI,QAAQ,GAAG,YAAY,CAAC;oBAC5B,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,IAAI,EAAE,CAAC;oBAEjC,oEAAoE;oBACpE,IAAI,eAAe,EAAE,CAAC;wBACpB,IAAI,QAAQ;4BAAE,QAAQ,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;wBACrD,IAAI,iBAAiB,CAAC,GAAG,IAAI,CAAC,KAAK,IAAI,IAAI,EAAE,EAAE,OAAO,CAAC,EAAE,CAAC;4BACxD,QAAQ,GAAG,KAAK,CAAC;wBACnB,CAAC;wBACD,IAAI,iBAAiB,EAAE,CAAC;4BACtB,QAAQ,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;wBACzC,CAAC;wBACD,uEAAuE;wBACvE,4DAA4D;wBAC5D,IAAI,WAAW,IAAI,CAAC,QAAQ,EAAE,CAAC;4BAC7B,QAAQ,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;wBACzC,CAAC;wBACD,6EAA6E;wBAC7E,sEAAsE;wBACtE,IAAI,gBAAgB,EAAE,CAAC;4BACrB,QAAQ,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;4BACvC,QAAQ,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;wBACzC,CAAC;oBACH,CAAC;oBACD,mEAAmE;oBACnE,wEAAwE;oBACxE,IAAI,CAAC,eAAe,IAAI,UAAU,EAAE,CAAC;wBACnC,IAAI,iBAAiB,IAAI,WAAW,EAAE,CAAC;4BACrC,QAAQ,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;wBACzC,CAAC;wBACD,IAAI,gBAAgB,EAAE,CAAC;4BACrB,QAAQ,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;wBACzC,CAAC;oBACH,CAAC;oBAED,MAAM,WAAW,GAAG,iBAAiB,CAAC,GAAG,IAAI,CAAC,KAAK,IAAI,IAAI,EAAE,EAAE,OAAO,CAAC,CAAC;oBAExE,QAAQ,CAAC,IAAI,CAAC;wBACZ,EAAE,EAAE,OAAO,IAAI,CAAC,EAAE,EAAE;wBACpB,KAAK,EAAE,WAAW;4BAChB,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,8BAA8B;4BAC7C,CAAC,CAAC,CAAC,eAAe,IAAI,UAAU;gCAC9B,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,qBAAqB;gCACpC,CAAC,CAAC,IAAI,CAAC,KAAK;wBAChB,WAAW,EAAE,QAAQ,CAAC,IAAI,IAAI,oBAAoB,IAAI,CAAC,EAAE,EAAE;wBAC3D,QAAQ;wBACR,QAAQ,EAAE,IAAI,CAAC,QAAQ,IAAI,KAAK;wBAChC,QAAQ,EAAE,aAAa,IAAI,CAAC,EAAE,EAAE;qBACjC,CAAC,CAAC;oBACH,MAAM;gBACR,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,qBAAqB;YACvB,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,QAAQ;QACR,KAAK,EAAE;YACL,MAAM,EAAE,cAAc,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM;YACjD,KAAK,EACH,cAAc,CAAC,IAAI,GAAG,CAAC;gBACrB,CAAC,CAAC,kBAAkB,cAAc,CAAC,IAAI,uBAAuB,KAAK,CAAC,MAAM,aAAa;gBACvF,CAAC,CAAC,yBAAyB,KAAK,CAAC,MAAM,mBAAmB;SAC/D;QACD,YAAY,EAAE,cAAc,CAAC,IAAI;KAClC,CAAC;AACJ,CAAC"}
|
|
@@ -5,6 +5,10 @@
|
|
|
5
5
|
* in skill content. Returns a multiplier that adjusts risk scoring.
|
|
6
6
|
*
|
|
7
7
|
* This is the single canonical implementation used by both CLI and Website.
|
|
8
|
+
*
|
|
9
|
+
* v1.4: Boosters now run against prose (code blocks stripped) to avoid
|
|
10
|
+
* false positives from documentation examples.
|
|
11
|
+
* Reducers expanded to recognise common CLI tools and API integrations.
|
|
8
12
|
*/
|
|
9
13
|
import type { ContextSignals } from './types.js';
|
|
10
14
|
interface ManifestLike {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"context-signals.d.ts","sourceRoot":"","sources":["../src/context-signals.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"context-signals.d.ts","sourceRoot":"","sources":["../src/context-signals.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAiB,cAAc,EAAE,MAAM,YAAY,CAAC;AAyEhE,UAAU,YAAY;IACpB,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,QAAQ,CAAC,EAAE;QAClB,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;QAC1B,QAAQ,CAAC,QAAQ,CAAC,EAAE;YAClB,QAAQ,CAAC,QAAQ,CAAC,EAAE;gBAClB,QAAQ,CAAC,IAAI,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;aACnC,CAAC;SACH,CAAC;KACH,CAAC;IACF,QAAQ,CAAC,eAAe,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;CAC9C;AAED;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,YAAY,GAAG,IAAI,GAAG,SAAS,GACxC,cAAc,CA2PhB"}
|
package/dist/context-signals.js
CHANGED
|
@@ -5,6 +5,10 @@
|
|
|
5
5
|
* in skill content. Returns a multiplier that adjusts risk scoring.
|
|
6
6
|
*
|
|
7
7
|
* This is the single canonical implementation used by both CLI and Website.
|
|
8
|
+
*
|
|
9
|
+
* v1.4: Boosters now run against prose (code blocks stripped) to avoid
|
|
10
|
+
* false positives from documentation examples.
|
|
11
|
+
* Reducers expanded to recognise common CLI tools and API integrations.
|
|
8
12
|
*/
|
|
9
13
|
import { extractCodeBlocks, stripCodeBlocks } from './markdown-utils.js';
|
|
10
14
|
// ---------------------------------------------------------------------------
|
|
@@ -22,6 +26,28 @@ const DANGEROUS_INSTRUCTION_RE = /\b(rm\s+-rf|chmod\s+7|bash\s+-[ci]|sh\s+-c|cur
|
|
|
22
26
|
// Reducer Patterns (legitimate signals)
|
|
23
27
|
// ---------------------------------------------------------------------------
|
|
24
28
|
const DEV_TOOL_DESCRIPTION_RE = /\b(shell|cli|terminal|command[\s-]line|devops|qa\s+test|build\s+tool|development\s+tool|debugging|headless\s+browser|automation|deploy|scaffold|code\s+review|lint|format|testing\s+framework|package\s+manager|docker|container|kubernetes|ci[\s/]cd)\b/i;
|
|
29
|
+
// Recognises API integrations, connectors, and well-known service names
|
|
30
|
+
const API_INTEGRATION_RE = /\b(api\s+integration|api\s+client|connector|webhook|slack|discord|notion|github|gitlab|jira|trello|asana|linear|airtable|google\s+sheets|zapier|weather|wttr\.in|open[\s-]?meteo)\b/i;
|
|
31
|
+
// Capability declaration: structured "## Tools" / "## Commands" / "## Features" section
|
|
32
|
+
// with bullet-list tool definitions (e.g. "- query: Execute a SELECT query")
|
|
33
|
+
const CAPABILITY_SECTION_RE = /^#{1,3}\s+(?:Tools|Commands|Features|Capabilities|Functions|Methods|Endpoints)\s*$/m;
|
|
34
|
+
const TOOL_DEFINITION_LIST_RE = /^[-*]\s+\w[\w-]*\s*:\s+.+$/m;
|
|
35
|
+
// Security measures language: content explicitly mentions safety constraints
|
|
36
|
+
const SECURITY_MEASURES_RE = /\b(only\s+SELECT|read[\s-]only|validated|sandboxed|restricted|allowed\s+directories|allow[\s-]?list|deny[\s-]?list|rate[\s-]?limit|no\s+write|no\s+delete|immutable|whitelisted|blocklist)\b/i;
|
|
37
|
+
// Defensive/educational text: content teaches security defense, NOT attacks.
|
|
38
|
+
// These patterns indicate the SKILL.md is instructing the agent to DETECT or
|
|
39
|
+
// PREVENT threats, not to execute them. A high density of these phrases means
|
|
40
|
+
// the skill is a security tool or educational resource.
|
|
41
|
+
const DEFENSIVE_PHRASES = [
|
|
42
|
+
/\b(never\s+execute|do\s+not\s+(execute|run|follow)|don[''\u2019]?t\s+(execute|run|follow|trust))\b/i,
|
|
43
|
+
/\b(protect\s+against|defend\s+against|prevent|detect|monitor\s+for|watch\s+for|look\s+for|scan\s+for|check\s+for|guard\s+against)\b/i,
|
|
44
|
+
/\b(attack\s+surface|threat\s+(model|vector|detection)|security\s+(audit|review|hardening|check|scan|assessment))\b/i,
|
|
45
|
+
/\b(red\s+flag|suspicious\s+pattern|malicious\s+(content|input|instruction)|prompt\s+injection|jailbreak)\b/i,
|
|
46
|
+
/\b(data\s+exfiltration|credential\s+(theft|leak|exposure)|unauthorized\s+access)\b/i,
|
|
47
|
+
/\b(responsible\s+disclosure|security\s+best\s+practice|safety\s+guideline|trust\s+boundar)/i,
|
|
48
|
+
];
|
|
49
|
+
// Well-known CLI tools that legitimately need shell access
|
|
50
|
+
const KNOWN_CLI_BINS_RE = /^(bash|sh|zsh|curl|wget|git|gh|jq|grep|sed|awk|find|rsync|scp|make|npm|npx|pnpm|yarn|pip|python|node|go|cargo|docker|kubectl|terraform|aws|gcloud|az|ffmpeg|convert|osascript|pbcopy|pbpaste|open|xdg-open)$/i;
|
|
25
51
|
/**
|
|
26
52
|
* Detect context signals from skill content and manifest.
|
|
27
53
|
*
|
|
@@ -31,8 +57,12 @@ const DEV_TOOL_DESCRIPTION_RE = /\b(shell|cli|terminal|command[\s-]line|devops|q
|
|
|
31
57
|
*/
|
|
32
58
|
export function detectContextSignals(content, manifest) {
|
|
33
59
|
const signals = [];
|
|
60
|
+
// Prepare prose for booster checks (strip code blocks to avoid doc examples)
|
|
61
|
+
const prose = stripCodeBlocks(content);
|
|
34
62
|
// -- Boosters --
|
|
35
|
-
|
|
63
|
+
// Run against prose only — attackers write malicious instructions in prose,
|
|
64
|
+
// not inside code block examples.
|
|
65
|
+
if (IMPORTANT_BLOCK_RE.test(prose)) {
|
|
36
66
|
signals.push({
|
|
37
67
|
id: 'boost-important-block',
|
|
38
68
|
type: 'booster',
|
|
@@ -40,7 +70,7 @@ export function detectContextSignals(content, manifest) {
|
|
|
40
70
|
weight: 0.5,
|
|
41
71
|
});
|
|
42
72
|
}
|
|
43
|
-
if (CONCEALMENT_RE.test(
|
|
73
|
+
if (CONCEALMENT_RE.test(prose)) {
|
|
44
74
|
signals.push({
|
|
45
75
|
id: 'boost-concealment',
|
|
46
76
|
type: 'booster',
|
|
@@ -48,7 +78,7 @@ export function detectContextSignals(content, manifest) {
|
|
|
48
78
|
weight: 0.5,
|
|
49
79
|
});
|
|
50
80
|
}
|
|
51
|
-
if (EXFIL_URL_RE.test(
|
|
81
|
+
if (EXFIL_URL_RE.test(prose)) {
|
|
52
82
|
signals.push({
|
|
53
83
|
id: 'boost-exfil-url',
|
|
54
84
|
type: 'booster',
|
|
@@ -56,7 +86,7 @@ export function detectContextSignals(content, manifest) {
|
|
|
56
86
|
weight: 0.4,
|
|
57
87
|
});
|
|
58
88
|
}
|
|
59
|
-
if (CONSENT_BYPASS_RE.test(
|
|
89
|
+
if (CONSENT_BYPASS_RE.test(prose)) {
|
|
60
90
|
signals.push({
|
|
61
91
|
id: 'boost-consent-bypass',
|
|
62
92
|
type: 'booster',
|
|
@@ -64,7 +94,7 @@ export function detectContextSignals(content, manifest) {
|
|
|
64
94
|
weight: 0.3,
|
|
65
95
|
});
|
|
66
96
|
}
|
|
67
|
-
if (CREDENTIAL_FILE_RE.test(
|
|
97
|
+
if (CREDENTIAL_FILE_RE.test(prose) && NETWORK_CALL_RE.test(prose)) {
|
|
68
98
|
signals.push({
|
|
69
99
|
id: 'boost-credential-plus-network',
|
|
70
100
|
type: 'booster',
|
|
@@ -73,8 +103,9 @@ export function detectContextSignals(content, manifest) {
|
|
|
73
103
|
});
|
|
74
104
|
}
|
|
75
105
|
// Description-behavior mismatch: benign description + dangerous instructions
|
|
106
|
+
// Also check prose only for the dangerous instruction side
|
|
76
107
|
const description = manifest?.description ?? '';
|
|
77
|
-
if (BENIGN_DESCRIPTION_RE.test(description) && DANGEROUS_INSTRUCTION_RE.test(
|
|
108
|
+
if (BENIGN_DESCRIPTION_RE.test(description) && DANGEROUS_INSTRUCTION_RE.test(prose)) {
|
|
78
109
|
signals.push({
|
|
79
110
|
id: 'boost-description-mismatch',
|
|
80
111
|
type: 'booster',
|
|
@@ -85,12 +116,12 @@ export function detectContextSignals(content, manifest) {
|
|
|
85
116
|
// -- Reducers --
|
|
86
117
|
// Declared tool capabilities (allowed-tools in frontmatter)
|
|
87
118
|
const declaredTools = manifest?.['allowed-tools'] ?? manifest?.metadata?.openclaw?.requires?.bins ?? [];
|
|
88
|
-
const
|
|
89
|
-
if (
|
|
119
|
+
const declaresKnownCLI = declaredTools.some((t) => KNOWN_CLI_BINS_RE.test(t));
|
|
120
|
+
if (declaresKnownCLI) {
|
|
90
121
|
signals.push({
|
|
91
122
|
id: 'reduce-declared-tools',
|
|
92
123
|
type: 'reducer',
|
|
93
|
-
label: 'Skill declares
|
|
124
|
+
label: 'Skill declares well-known CLI tool(s) in frontmatter',
|
|
94
125
|
weight: -0.3,
|
|
95
126
|
});
|
|
96
127
|
}
|
|
@@ -103,18 +134,24 @@ export function detectContextSignals(content, manifest) {
|
|
|
103
134
|
weight: -0.2,
|
|
104
135
|
});
|
|
105
136
|
}
|
|
137
|
+
// API integration description — legitimate connector/integration skill
|
|
138
|
+
if (API_INTEGRATION_RE.test(description)) {
|
|
139
|
+
signals.push({
|
|
140
|
+
id: 'reduce-api-integration',
|
|
141
|
+
type: 'reducer',
|
|
142
|
+
label: 'Description identifies as API integration or well-known service connector',
|
|
143
|
+
weight: -0.2,
|
|
144
|
+
});
|
|
145
|
+
}
|
|
106
146
|
// Structured frontmatter (well-formed skill)
|
|
147
|
+
// Relaxed: name + description is enough (most skills don't have version/license)
|
|
107
148
|
if (manifest?.name && manifest?.description) {
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
label: 'Well-structured frontmatter with name, description, and version/license',
|
|
115
|
-
weight: -0.1,
|
|
116
|
-
});
|
|
117
|
-
}
|
|
149
|
+
signals.push({
|
|
150
|
+
id: 'reduce-structured-frontmatter',
|
|
151
|
+
type: 'reducer',
|
|
152
|
+
label: 'Well-structured frontmatter with name and description',
|
|
153
|
+
weight: -0.1,
|
|
154
|
+
});
|
|
118
155
|
}
|
|
119
156
|
// Also check frontmatter from raw content (for website where manifest may be partial)
|
|
120
157
|
if (!manifest?.name) {
|
|
@@ -151,6 +188,92 @@ export function detectContextSignals(content, manifest) {
|
|
|
151
188
|
});
|
|
152
189
|
}
|
|
153
190
|
}
|
|
191
|
+
// Capability declaration: frontmatter with name+description AND a structured
|
|
192
|
+
// tools/commands section with bullet-list definitions. This pattern is typical
|
|
193
|
+
// of legitimate SKILL.md / MCP server docs that describe tool capabilities.
|
|
194
|
+
const hasFmName = manifest?.name || /^name:\s*.+/m.test(content);
|
|
195
|
+
const hasFmDesc = manifest?.description || /^description:\s*.+/m.test(content);
|
|
196
|
+
if (hasFmName &&
|
|
197
|
+
hasFmDesc &&
|
|
198
|
+
CAPABILITY_SECTION_RE.test(content) &&
|
|
199
|
+
TOOL_DEFINITION_LIST_RE.test(content)) {
|
|
200
|
+
signals.push({
|
|
201
|
+
id: 'reduce-capability-declaration',
|
|
202
|
+
type: 'reducer',
|
|
203
|
+
label: 'Structured capability declaration with tool definitions',
|
|
204
|
+
weight: -0.5,
|
|
205
|
+
});
|
|
206
|
+
}
|
|
207
|
+
// Claude Code skill/command/agent format detection.
|
|
208
|
+
// These files are instructions TO Claude about what to check/do, not executable
|
|
209
|
+
// attack payloads. They legitimately mention security terms like "SQL injection"
|
|
210
|
+
// because they're telling Claude to LOOK FOR those issues.
|
|
211
|
+
const noFrontmatter = !/^---\n/.test(content.trimStart());
|
|
212
|
+
const startsWithTitle = /^\s*#\s+\S/.test(content.trimStart());
|
|
213
|
+
const hasNumberedSteps = /(?:^|\n)\s*(?:\d+\.|##\s*Step)\s+/m.test(content);
|
|
214
|
+
const hasChecklist = /\*\*.*(?:CRITICAL|HIGH|MEDIUM|LOW).*\*\*/m.test(content);
|
|
215
|
+
// Commands: no frontmatter, title + steps
|
|
216
|
+
if (noFrontmatter && startsWithTitle && (hasNumberedSteps || hasChecklist)) {
|
|
217
|
+
signals.push({
|
|
218
|
+
id: 'reduce-claude-command-format',
|
|
219
|
+
type: 'reducer',
|
|
220
|
+
label: 'Claude Code command format (instructional, not executable)',
|
|
221
|
+
weight: -0.5,
|
|
222
|
+
});
|
|
223
|
+
}
|
|
224
|
+
// Agents/skills with frontmatter declaring tools/model/origin (Claude Code native format)
|
|
225
|
+
const hasToolsField = /^(?:tools|allowed-tools)\s*:/m.test(content);
|
|
226
|
+
const hasModelField = /^model\s*:/m.test(content);
|
|
227
|
+
const hasOriginField = /^origin\s*:/m.test(content);
|
|
228
|
+
if (hasFmName && hasFmDesc && (hasToolsField || hasModelField || hasOriginField)) {
|
|
229
|
+
signals.push({
|
|
230
|
+
id: 'reduce-claude-agent-format',
|
|
231
|
+
type: 'reducer',
|
|
232
|
+
label: 'Claude Code agent/skill with declared tools, model, or origin',
|
|
233
|
+
weight: -0.5,
|
|
234
|
+
});
|
|
235
|
+
}
|
|
236
|
+
// Minimal frontmatter skill (name + description only, common pattern for curated skills)
|
|
237
|
+
// These are knowledge-base skills that provide patterns/guidelines, not attack payloads.
|
|
238
|
+
if (hasFmName && hasFmDesc && !noFrontmatter && !hasToolsField && !hasModelField) {
|
|
239
|
+
signals.push({
|
|
240
|
+
id: 'reduce-knowledge-skill',
|
|
241
|
+
type: 'reducer',
|
|
242
|
+
label: 'Curated knowledge skill with structured frontmatter',
|
|
243
|
+
weight: -0.3,
|
|
244
|
+
});
|
|
245
|
+
}
|
|
246
|
+
// Security measures: content explicitly mentions safety constraints
|
|
247
|
+
if (SECURITY_MEASURES_RE.test(prose)) {
|
|
248
|
+
signals.push({
|
|
249
|
+
id: 'reduce-security-measures',
|
|
250
|
+
type: 'reducer',
|
|
251
|
+
label: 'Content declares security measures or access restrictions',
|
|
252
|
+
weight: -0.3,
|
|
253
|
+
});
|
|
254
|
+
}
|
|
255
|
+
// Defensive/educational text: high density of security-defense language
|
|
256
|
+
// means the skill is TEACHING about threats, not carrying them.
|
|
257
|
+
// Count how many defensive phrase categories match.
|
|
258
|
+
const defensiveHits = DEFENSIVE_PHRASES.filter((re) => re.test(prose)).length;
|
|
259
|
+
if (defensiveHits >= 4) {
|
|
260
|
+
// 4+ categories = clearly a security/educational skill
|
|
261
|
+
signals.push({
|
|
262
|
+
id: 'reduce-defensive-text-strong',
|
|
263
|
+
type: 'reducer',
|
|
264
|
+
label: `Security-defense educational content (${defensiveHits}/6 categories)`,
|
|
265
|
+
weight: -0.7,
|
|
266
|
+
});
|
|
267
|
+
}
|
|
268
|
+
else if (defensiveHits >= 2) {
|
|
269
|
+
// 2-3 categories = some defensive language
|
|
270
|
+
signals.push({
|
|
271
|
+
id: 'reduce-defensive-text',
|
|
272
|
+
type: 'reducer',
|
|
273
|
+
label: `Contains security-defense language (${defensiveHits}/6 categories)`,
|
|
274
|
+
weight: -0.4,
|
|
275
|
+
});
|
|
276
|
+
}
|
|
154
277
|
// -- Calculate multiplier --
|
|
155
278
|
let multiplier = 1.0;
|
|
156
279
|
for (const signal of signals) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"context-signals.js","sourceRoot":"","sources":["../src/context-signals.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"context-signals.js","sourceRoot":"","sources":["../src/context-signals.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAGH,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAEzE,8EAA8E;AAC9E,uCAAuC;AACvC,8EAA8E;AAE9E,MAAM,kBAAkB,GAAG,cAAc,CAAC;AAE1C,MAAM,cAAc,GAClB,iMAAiM,CAAC;AAEpM,MAAM,YAAY,GAChB,sIAAsI,CAAC;AAEzI,MAAM,iBAAiB,GACrB,+OAA+O,CAAC;AAElP,MAAM,kBAAkB,GACtB,4IAA4I,CAAC;AAE/I,MAAM,eAAe,GACnB,6EAA6E,CAAC;AAEhF,MAAM,qBAAqB,GACzB,mSAAmS,CAAC;AAEtS,MAAM,wBAAwB,GAC5B,iIAAiI,CAAC;AAEpI,8EAA8E;AAC9E,wCAAwC;AACxC,8EAA8E;AAE9E,MAAM,uBAAuB,GAC3B,2PAA2P,CAAC;AAE9P,wEAAwE;AACxE,MAAM,kBAAkB,GACtB,sLAAsL,CAAC;AAEzL,wFAAwF;AACxF,6EAA6E;AAC7E,MAAM,qBAAqB,GACzB,qFAAqF,CAAC;AAExF,MAAM,uBAAuB,GAAG,6BAA6B,CAAC;AAE9D,6EAA6E;AAC7E,MAAM,oBAAoB,GACxB,+LAA+L,CAAC;AAElM,6EAA6E;AAC7E,6EAA6E;AAC7E,8EAA8E;AAC9E,wDAAwD;AACxD,MAAM,iBAAiB,GAAG;IACxB,qGAAqG;IACrG,sIAAsI;IACtI,qHAAqH;IACrH,6GAA6G;IAC7G,qFAAqF;IACrF,6FAA6F;CAC9F,CAAC;AAEF,2DAA2D;AAC3D,MAAM,iBAAiB,GACrB,+MAA+M,CAAC;AAqBlN;;;;;;GAMG;AACH,MAAM,UAAU,oBAAoB,CAClC,OAAe,EACf,QAAyC;IAEzC,MAAM,OAAO,GAAoB,EAAE,CAAC;IAEpC,6EAA6E;IAC7E,MAAM,KAAK,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;IAEvC,iBAAiB;IACjB,4EAA4E;IAC5E,kCAAkC;IAElC,IAAI,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QACnC,OAAO,CAAC,IAAI,CAAC;YACX,EAAE,EAAE,uBAAuB;YAC3B,IAAI,EAAE,SAAS;YACf,KAAK,EAAE,+CAA+C;YACtD,MAAM,EAAE,GAAG;SACZ,CAAC,CAAC;IACL,CAAC;IAED,IAAI,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC/B,OAAO,CAAC,IAAI,CAAC;YACX,EAAE,EAAE,mBAAmB;YACvB,IAAI,EAAE,SAAS;YACf,KAAK,EAAE,wDAAwD;YAC/D,MAAM,EAAE,GAAG;SACZ,CAAC,CAAC;IACL,CAAC;IAED,IAAI,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO,CAAC,IAAI,CAAC;YACX,EAAE,EAAE,iBAAiB;YACrB,IAAI,EAAE,SAAS;YACf,KAAK,EAAE,mCAAmC;YAC1C,MAAM,EAAE,GAAG;SACZ,CAAC,CAAC;IACL,CAAC;IAED,IAAI,iBAAiB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAClC,OAAO,CAAC,IAAI,CAAC;YACX,EAAE,EAAE,sBAAsB;YAC1B,IAAI,EAAE,SAAS;YACf,KAAK,EAAE,kCAAkC;YACzC,MAAM,EAAE,GAAG;SACZ,CAAC,CAAC;IACL,CAAC;IAED,IAAI,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAClE,OAAO,CAAC,IAAI,CAAC;YACX,EAAE,EAAE,+BAA+B;YACnC,IAAI,EAAE,SAAS;YACf,KAAK,EAAE,oDAAoD;YAC3D,MAAM,EAAE,GAAG;SACZ,CAAC,CAAC;IACL,CAAC;IAED,6EAA6E;IAC7E,2DAA2D;IAC3D,MAAM,WAAW,GAAG,QAAQ,EAAE,WAAW,IAAI,EAAE,CAAC;IAChD,IAAI,qBAAqB,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,wBAAwB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QACpF,OAAO,CAAC,IAAI,CAAC;YACX,EAAE,EAAE,4BAA4B;YAChC,IAAI,EAAE,SAAS;YACf,KAAK,EAAE,4EAA4E;YACnF,MAAM,EAAE,GAAG;SACZ,CAAC,CAAC;IACL,CAAC;IAED,iBAAiB;IAEjB,4DAA4D;IAC5D,MAAM,aAAa,GACjB,QAAQ,EAAE,CAAC,eAAe,CAAC,IAAI,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,IAAI,EAAE,CAAC;IACpF,MAAM,gBAAgB,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;IACtF,IAAI,gBAAgB,EAAE,CAAC;QACrB,OAAO,CAAC,IAAI,CAAC;YACX,EAAE,EAAE,uBAAuB;YAC3B,IAAI,EAAE,SAAS;YACf,KAAK,EAAE,sDAAsD;YAC7D,MAAM,EAAE,CAAC,GAAG;SACb,CAAC,CAAC;IACL,CAAC;IAED,0DAA0D;IAC1D,IAAI,uBAAuB,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;QAC9C,OAAO,CAAC,IAAI,CAAC;YACX,EAAE,EAAE,gCAAgC;YACpC,IAAI,EAAE,SAAS;YACf,KAAK,EAAE,2CAA2C;YAClD,MAAM,EAAE,CAAC,GAAG;SACb,CAAC,CAAC;IACL,CAAC;IAED,uEAAuE;IACvE,IAAI,kBAAkB,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC;YACX,EAAE,EAAE,wBAAwB;YAC5B,IAAI,EAAE,SAAS;YACf,KAAK,EAAE,2EAA2E;YAClF,MAAM,EAAE,CAAC,GAAG;SACb,CAAC,CAAC;IACL,CAAC;IAED,6CAA6C;IAC7C,iFAAiF;IACjF,IAAI,QAAQ,EAAE,IAAI,IAAI,QAAQ,EAAE,WAAW,EAAE,CAAC;QAC5C,OAAO,CAAC,IAAI,CAAC;YACX,EAAE,EAAE,+BAA+B;YACnC,IAAI,EAAE,SAAS;YACf,KAAK,EAAE,uDAAuD;YAC9D,MAAM,EAAE,CAAC,GAAG;SACb,CAAC,CAAC;IACL,CAAC;IAED,sFAAsF;IACtF,IAAI,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC;QACpB,MAAM,cAAc,GAAG,4BAA4B,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAClE,MAAM,UAAU,GAAG,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACnD,MAAM,cAAc,GAAG,gDAAgD,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAEtF,IAAI,cAAc,EAAE,CAAC;YACnB,OAAO,CAAC,IAAI,CAAC;gBACX,EAAE,EAAE,uBAAuB;gBAC3B,IAAI,EAAE,SAAS;gBACf,KAAK,EAAE,gCAAgC;gBACvC,MAAM,EAAE,CAAC,GAAG;aACb,CAAC,CAAC;QACL,CAAC;QACD,IAAI,cAAc,IAAI,UAAU,EAAE,CAAC;YACjC,OAAO,CAAC,IAAI,CAAC;gBACX,EAAE,EAAE,+BAA+B;gBACnC,IAAI,EAAE,SAAS;gBACf,KAAK,EAAE,6BAA6B;gBACpC,MAAM,EAAE,CAAC,GAAG;aACb,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,yDAAyD;IACzD,MAAM,gBAAgB,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;IACpD,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,IAAI,wBAAwB,CAAC,IAAI,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACnF,MAAM,iBAAiB,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;QACnD,IAAI,CAAC,wBAAwB,CAAC,IAAI,CAAC,iBAAiB,CAAC,EAAE,CAAC;YACtD,OAAO,CAAC,IAAI,CAAC;gBACX,EAAE,EAAE,sBAAsB;gBAC1B,IAAI,EAAE,SAAS;gBACf,KAAK,EAAE,mEAAmE;gBAC1E,MAAM,EAAE,CAAC,GAAG;aACb,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,6EAA6E;IAC7E,+EAA+E;IAC/E,4EAA4E;IAC5E,MAAM,SAAS,GAAG,QAAQ,EAAE,IAAI,IAAI,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACjE,MAAM,SAAS,GAAG,QAAQ,EAAE,WAAW,IAAI,qBAAqB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC/E,IACE,SAAS;QACT,SAAS;QACT,qBAAqB,CAAC,IAAI,CAAC,OAAO,CAAC;QACnC,uBAAuB,CAAC,IAAI,CAAC,OAAO,CAAC,EACrC,CAAC;QACD,OAAO,CAAC,IAAI,CAAC;YACX,EAAE,EAAE,+BAA+B;YACnC,IAAI,EAAE,SAAS;YACf,KAAK,EAAE,yDAAyD;YAChE,MAAM,EAAE,CAAC,GAAG;SACb,CAAC,CAAC;IACL,CAAC;IAED,oDAAoD;IACpD,gFAAgF;IAChF,iFAAiF;IACjF,2DAA2D;IAC3D,MAAM,aAAa,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;IAC1D,MAAM,eAAe,GAAG,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;IAC/D,MAAM,gBAAgB,GAAG,oCAAoC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC5E,MAAM,YAAY,GAAG,2CAA2C,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC/E,0CAA0C;IAC1C,IAAI,aAAa,IAAI,eAAe,IAAI,CAAC,gBAAgB,IAAI,YAAY,CAAC,EAAE,CAAC;QAC3E,OAAO,CAAC,IAAI,CAAC;YACX,EAAE,EAAE,8BAA8B;YAClC,IAAI,EAAE,SAAS;YACf,KAAK,EAAE,4DAA4D;YACnE,MAAM,EAAE,CAAC,GAAG;SACb,CAAC,CAAC;IACL,CAAC;IACD,0FAA0F;IAC1F,MAAM,aAAa,GAAG,+BAA+B,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACpE,MAAM,aAAa,GAAG,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAClD,MAAM,cAAc,GAAG,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACpD,IAAI,SAAS,IAAI,SAAS,IAAI,CAAC,aAAa,IAAI,aAAa,IAAI,cAAc,CAAC,EAAE,CAAC;QACjF,OAAO,CAAC,IAAI,CAAC;YACX,EAAE,EAAE,4BAA4B;YAChC,IAAI,EAAE,SAAS;YACf,KAAK,EAAE,+DAA+D;YACtE,MAAM,EAAE,CAAC,GAAG;SACb,CAAC,CAAC;IACL,CAAC;IACD,yFAAyF;IACzF,yFAAyF;IACzF,IAAI,SAAS,IAAI,SAAS,IAAI,CAAC,aAAa,IAAI,CAAC,aAAa,IAAI,CAAC,aAAa,EAAE,CAAC;QACjF,OAAO,CAAC,IAAI,CAAC;YACX,EAAE,EAAE,wBAAwB;YAC5B,IAAI,EAAE,SAAS;YACf,KAAK,EAAE,qDAAqD;YAC5D,MAAM,EAAE,CAAC,GAAG;SACb,CAAC,CAAC;IACL,CAAC;IAED,oEAAoE;IACpE,IAAI,oBAAoB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QACrC,OAAO,CAAC,IAAI,CAAC;YACX,EAAE,EAAE,0BAA0B;YAC9B,IAAI,EAAE,SAAS;YACf,KAAK,EAAE,2DAA2D;YAClE,MAAM,EAAE,CAAC,GAAG;SACb,CAAC,CAAC;IACL,CAAC;IAED,wEAAwE;IACxE,gEAAgE;IAChE,oDAAoD;IACpD,MAAM,aAAa,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC;IAC9E,IAAI,aAAa,IAAI,CAAC,EAAE,CAAC;QACvB,uDAAuD;QACvD,OAAO,CAAC,IAAI,CAAC;YACX,EAAE,EAAE,8BAA8B;YAClC,IAAI,EAAE,SAAS;YACf,KAAK,EAAE,yCAAyC,aAAa,gBAAgB;YAC7E,MAAM,EAAE,CAAC,GAAG;SACb,CAAC,CAAC;IACL,CAAC;SAAM,IAAI,aAAa,IAAI,CAAC,EAAE,CAAC;QAC9B,2CAA2C;QAC3C,OAAO,CAAC,IAAI,CAAC;YACX,EAAE,EAAE,uBAAuB;YAC3B,IAAI,EAAE,SAAS;YACf,KAAK,EAAE,uCAAuC,aAAa,gBAAgB;YAC3E,MAAM,EAAE,CAAC,GAAG;SACb,CAAC,CAAC;IACL,CAAC;IAED,6BAA6B;IAE7B,IAAI,UAAU,GAAG,GAAG,CAAC;IACrB,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,UAAU,IAAI,MAAM,CAAC,MAAM,CAAC;IAC9B,CAAC;IACD,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC,CAAC;IAEtD,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,CAAC;AACjC,CAAC"}
|
package/dist/index.d.ts
CHANGED
|
@@ -6,7 +6,7 @@
|
|
|
6
6
|
export { scanContent } from './scanner.js';
|
|
7
7
|
export type { Severity, FindingCategory, Finding, CheckResult, RiskLevel, ContextSignal, ContextSignals, SkillMetadata, SkillManifest, ATRRuleCompiled, CompiledRule, ScanOptions, ScanResult, } from './types.js';
|
|
8
8
|
export { contentHash, patternHash } from './hash-utils.js';
|
|
9
|
-
export { stripMarkdownNoise, extractCodeBlocks, stripCodeBlocks } from './markdown-utils.js';
|
|
9
|
+
export { stripMarkdownNoise, extractCodeBlocks, stripCodeBlocks, stripNegationSections, prepareContent, } from './markdown-utils.js';
|
|
10
10
|
export { parseManifestFromString, parseSkillName } from './manifest-parser.js';
|
|
11
11
|
export { detectContextSignals } from './context-signals.js';
|
|
12
12
|
export { checkInstructions } from './instruction-patterns.js';
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAG3C,YAAY,EACV,QAAQ,EACR,eAAe,EACf,OAAO,EACP,WAAW,EACX,SAAS,EACT,aAAa,EACb,cAAc,EACd,aAAa,EACb,aAAa,EACb,eAAe,EACf,YAAY,EACZ,WAAW,EACX,UAAU,GACX,MAAM,YAAY,CAAC;AAGpB,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC3D,OAAO,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAG3C,YAAY,EACV,QAAQ,EACR,eAAe,EACf,OAAO,EACP,WAAW,EACX,SAAS,EACT,aAAa,EACb,cAAc,EACd,aAAa,EACb,aAAa,EACb,eAAe,EACf,YAAY,EACZ,WAAW,EACX,UAAU,GACX,MAAM,YAAY,CAAC;AAGpB,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC3D,OAAO,EACL,kBAAkB,EAClB,iBAAiB,EACjB,eAAe,EACf,qBAAqB,EACrB,cAAc,GACf,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,uBAAuB,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAC/E,OAAO,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAC5D,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC5D,YAAY,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACtD,OAAO,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -7,7 +7,7 @@
|
|
|
7
7
|
export { scanContent } from './scanner.js';
|
|
8
8
|
// Sub-modules (for consumers that need individual pieces)
|
|
9
9
|
export { contentHash, patternHash } from './hash-utils.js';
|
|
10
|
-
export { stripMarkdownNoise, extractCodeBlocks, stripCodeBlocks } from './markdown-utils.js';
|
|
10
|
+
export { stripMarkdownNoise, extractCodeBlocks, stripCodeBlocks, stripNegationSections, prepareContent, } from './markdown-utils.js';
|
|
11
11
|
export { parseManifestFromString, parseSkillName } from './manifest-parser.js';
|
|
12
12
|
export { detectContextSignals } from './context-signals.js';
|
|
13
13
|
export { checkInstructions } from './instruction-patterns.js';
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,mBAAmB;AACnB,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAmB3C,0DAA0D;AAC1D,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC3D,OAAO,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,mBAAmB;AACnB,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAmB3C,0DAA0D;AAC1D,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC3D,OAAO,EACL,kBAAkB,EAClB,iBAAiB,EACjB,eAAe,EACf,qBAAqB,EACrB,cAAc,GACf,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,uBAAuB,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAC/E,OAAO,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAC5D,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAE5D,OAAO,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"instruction-patterns.d.ts","sourceRoot":"","sources":["../src/instruction-patterns.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,WAAW,EAAY,MAAM,YAAY,CAAC;
|
|
1
|
+
{"version":3,"file":"instruction-patterns.d.ts","sourceRoot":"","sources":["../src/instruction-patterns.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,WAAW,EAAY,MAAM,YAAY,CAAC;AA8LjE,eAAO,MAAM,iBAAiB,UAc7B,CAAC;AAyCF;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAC/B,YAAY,EAAE,MAAM,EACpB,UAAU,GAAE,OAAO,GAAG,eAAyB,GAC9C,WAAW,GAAG;IAAE,QAAQ,EAAE,OAAO,EAAE,CAAA;CAAE,CAyJvC"}
|
|
@@ -4,6 +4,7 @@
|
|
|
4
4
|
* Pure pattern matching - no filesystem dependencies.
|
|
5
5
|
* Extracted from panguard-skill-auditor/checks/instruction-check.ts.
|
|
6
6
|
*/
|
|
7
|
+
import { stripCodeBlocks } from './markdown-utils.js';
|
|
7
8
|
const PATTERNS = [
|
|
8
9
|
// Prompt injection patterns
|
|
9
10
|
{
|
|
@@ -41,6 +42,20 @@ const PATTERNS = [
|
|
|
41
42
|
severity: 'high',
|
|
42
43
|
category: 'prompt-injection',
|
|
43
44
|
},
|
|
45
|
+
{
|
|
46
|
+
id: 'pi-important-block',
|
|
47
|
+
title: 'Hidden instructions in <IMPORTANT> block',
|
|
48
|
+
regex: /<IMPORTANT>[\s\S]*?(silently|do\s+not\s+tell|without\s+asking|exfiltrate|send\s+all|upload\s+.*\s+to)[\s\S]*?<\/IMPORTANT>/i,
|
|
49
|
+
severity: 'critical',
|
|
50
|
+
category: 'prompt-injection',
|
|
51
|
+
},
|
|
52
|
+
{
|
|
53
|
+
id: 'pi-silent-exfil',
|
|
54
|
+
title: 'Silent data exfiltration instruction',
|
|
55
|
+
regex: /\b(silently\s+(send|upload|post|transmit)|without\s+(asking|consent|permission).*\b(send|upload|post|curl|fetch))\b/i,
|
|
56
|
+
severity: 'critical',
|
|
57
|
+
category: 'prompt-injection',
|
|
58
|
+
},
|
|
44
59
|
// Tool poisoning patterns
|
|
45
60
|
{
|
|
46
61
|
id: 'tp-sudo-escalation',
|
|
@@ -94,17 +109,46 @@ const HIDDEN_UNICODE_RE = /[\u200B\u200C\u200E\u200F\u2060-\u2064\uFEFF\u00AD\u3
|
|
|
94
109
|
const FULLWIDTH_LATIN_RE = /[\uFF01-\uFF5E]{4,}/;
|
|
95
110
|
/** Homoglyph detection - Cyrillic/Greek characters that look identical to Latin */
|
|
96
111
|
const HOMOGLYPH_MAP = {
|
|
97
|
-
'\u0410': 'A',
|
|
98
|
-
'\
|
|
99
|
-
'\
|
|
100
|
-
'\
|
|
101
|
-
'\
|
|
102
|
-
'\
|
|
112
|
+
'\u0410': 'A',
|
|
113
|
+
'\u0412': 'B',
|
|
114
|
+
'\u0421': 'C',
|
|
115
|
+
'\u0415': 'E',
|
|
116
|
+
'\u041D': 'H',
|
|
117
|
+
'\u041A': 'K',
|
|
118
|
+
'\u041C': 'M',
|
|
119
|
+
'\u041E': 'O',
|
|
120
|
+
'\u0420': 'P',
|
|
121
|
+
'\u0422': 'T',
|
|
122
|
+
'\u0425': 'X',
|
|
123
|
+
'\u0430': 'a',
|
|
124
|
+
'\u0435': 'e',
|
|
125
|
+
'\u043E': 'o',
|
|
126
|
+
'\u0440': 'p',
|
|
127
|
+
'\u0441': 'c',
|
|
128
|
+
'\u0443': 'y',
|
|
129
|
+
'\u0445': 'x',
|
|
130
|
+
'\u0455': 's',
|
|
131
|
+
'\u0456': 'i',
|
|
132
|
+
'\u0458': 'j',
|
|
133
|
+
'\u0471': 'v',
|
|
134
|
+
'\u0473': 'w',
|
|
103
135
|
// Greek
|
|
104
|
-
'\u0391': 'A',
|
|
105
|
-
'\
|
|
106
|
-
'\
|
|
107
|
-
'\
|
|
136
|
+
'\u0391': 'A',
|
|
137
|
+
'\u0392': 'B',
|
|
138
|
+
'\u0395': 'E',
|
|
139
|
+
'\u0396': 'Z',
|
|
140
|
+
'\u0397': 'H',
|
|
141
|
+
'\u0399': 'I',
|
|
142
|
+
'\u039A': 'K',
|
|
143
|
+
'\u039C': 'M',
|
|
144
|
+
'\u039D': 'N',
|
|
145
|
+
'\u039F': 'O',
|
|
146
|
+
'\u03A1': 'P',
|
|
147
|
+
'\u03A4': 'T',
|
|
148
|
+
'\u03A5': 'Y',
|
|
149
|
+
'\u03A7': 'X',
|
|
150
|
+
'\u03B1': 'a',
|
|
151
|
+
'\u03BF': 'o',
|
|
108
152
|
'\u03C1': 'p',
|
|
109
153
|
};
|
|
110
154
|
const HOMOGLYPH_RE = new RegExp(`[${Object.keys(HOMOGLYPH_MAP).join('')}]`);
|
|
@@ -118,16 +162,26 @@ const HEX_BLOCK_RE = /\b([0-9a-fA-F]{2}){12,}\b/g;
|
|
|
118
162
|
// Safe install URLs
|
|
119
163
|
// ---------------------------------------------------------------------------
|
|
120
164
|
export const SAFE_INSTALL_URLS = [
|
|
121
|
-
'bun.sh/install',
|
|
122
|
-
'
|
|
123
|
-
'
|
|
124
|
-
'raw.githubusercontent.com/
|
|
165
|
+
'bun.sh/install',
|
|
166
|
+
'get.docker.com',
|
|
167
|
+
'install.python-poetry.org',
|
|
168
|
+
'raw.githubusercontent.com/nvm-sh/nvm',
|
|
169
|
+
'sh.rustup.rs',
|
|
170
|
+
'deno.land/install',
|
|
171
|
+
'get.pnpm.io/install',
|
|
172
|
+
'brew.sh',
|
|
173
|
+
'ohmyz.sh/install',
|
|
174
|
+
'raw.githubusercontent.com/Homebrew',
|
|
175
|
+
'sdk.cloud.google.com',
|
|
176
|
+
'cli.github.com',
|
|
125
177
|
'astral.sh/uv',
|
|
126
178
|
];
|
|
127
179
|
function isSafeInstallCommand(instructions, matchIndex) {
|
|
128
180
|
const lineStart = instructions.lastIndexOf('\n', matchIndex) + 1;
|
|
129
181
|
const lineEnd = instructions.indexOf('\n', matchIndex);
|
|
130
|
-
const line = instructions
|
|
182
|
+
const line = instructions
|
|
183
|
+
.substring(lineStart, lineEnd === -1 ? undefined : lineEnd)
|
|
184
|
+
.toLowerCase();
|
|
131
185
|
return SAFE_INSTALL_URLS.some((url) => line.includes(url.toLowerCase()));
|
|
132
186
|
}
|
|
133
187
|
// ---------------------------------------------------------------------------
|
|
@@ -135,11 +189,16 @@ function isSafeInstallCommand(instructions, matchIndex) {
|
|
|
135
189
|
// ---------------------------------------------------------------------------
|
|
136
190
|
function downgradeSeverity(severity) {
|
|
137
191
|
switch (severity) {
|
|
138
|
-
case 'critical':
|
|
139
|
-
|
|
140
|
-
case '
|
|
141
|
-
|
|
142
|
-
|
|
192
|
+
case 'critical':
|
|
193
|
+
return 'medium';
|
|
194
|
+
case 'high':
|
|
195
|
+
return 'low';
|
|
196
|
+
case 'medium':
|
|
197
|
+
return 'low';
|
|
198
|
+
case 'low':
|
|
199
|
+
return 'info';
|
|
200
|
+
default:
|
|
201
|
+
return severity;
|
|
143
202
|
}
|
|
144
203
|
}
|
|
145
204
|
function isInSetupSection(instructions, matchIndex) {
|
|
@@ -157,6 +216,8 @@ function isInSetupSection(instructions, matchIndex) {
|
|
|
157
216
|
*/
|
|
158
217
|
export function checkInstructions(instructions, sourceType = 'skill') {
|
|
159
218
|
const findings = [];
|
|
219
|
+
// Prepare prose (code blocks stripped) for two-pass matching
|
|
220
|
+
const prose = stripCodeBlocks(instructions);
|
|
160
221
|
// Pattern matching
|
|
161
222
|
for (const pattern of PATTERNS) {
|
|
162
223
|
const match = pattern.regex.exec(instructions);
|
|
@@ -183,6 +244,11 @@ export function checkInstructions(instructions, sourceType = 'skill') {
|
|
|
183
244
|
if (sourceType === 'documentation') {
|
|
184
245
|
severity = downgradeSeverity(severity);
|
|
185
246
|
}
|
|
247
|
+
// Two-pass: if pattern only matches in code blocks (not prose),
|
|
248
|
+
// downgrade — it's likely a documentation example, not an instruction
|
|
249
|
+
if (pattern.category === 'tool-poisoning' && !pattern.regex.test(prose)) {
|
|
250
|
+
severity = downgradeSeverity(severity);
|
|
251
|
+
}
|
|
186
252
|
findings.push({
|
|
187
253
|
id: pattern.id,
|
|
188
254
|
title: pattern.title,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"instruction-patterns.js","sourceRoot":"","sources":["../src/instruction-patterns.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;
|
|
1
|
+
{"version":3,"file":"instruction-patterns.js","sourceRoot":"","sources":["../src/instruction-patterns.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AActD,MAAM,QAAQ,GAAuB;IACnC,4BAA4B;IAC5B;QACE,EAAE,EAAE,oBAAoB;QACxB,KAAK,EAAE,gDAAgD;QACvD,KAAK,EACH,yIAAyI;QAC3I,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,kBAAkB;KAC7B;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,KAAK,EAAE,qCAAqC;QAC5C,KAAK,EACH,kNAAkN;QACpN,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,kBAAkB;KAC7B;IACD;QACE,EAAE,EAAE,kBAAkB;QACtB,KAAK,EAAE,8CAA8C;QACrD,KAAK,EAAE,6EAA6E;QACpF,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,kBAAkB;KAC7B;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,KAAK,EAAE,qCAAqC;QAC5C,KAAK,EACH,gMAAgM;QAClM,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,kBAAkB;KAC7B;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,KAAK,EAAE,wCAAwC;QAC/C,KAAK,EAAE,gEAAgE;QACvE,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,kBAAkB;KAC7B;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,KAAK,EAAE,0CAA0C;QACjD,KAAK,EACH,6HAA6H;QAC/H,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,kBAAkB;KAC7B;IACD;QACE,EAAE,EAAE,iBAAiB;QACrB,KAAK,EAAE,sCAAsC;QAC7C,KAAK,EACH,sHAAsH;QACxH,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,kBAAkB;KAC7B;IAED,0BAA0B;IAC1B;QACE,EAAE,EAAE,oBAAoB;QACxB,KAAK,EAAE,qCAAqC;QAC5C,KAAK,EAAE,gFAAgF;QACvF,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,gBAAgB;KAC3B;IACD;QACE,EAAE,EAAE,kBAAkB;QACtB,KAAK,EAAE,gCAAgC;QACvC,KAAK,EACH,8MAA8M;QAChN,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,gBAAgB;KAC3B;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,KAAK,EAAE,qCAAqC;QAC5C,KAAK,EAAE,kEAAkE;QACzE,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,gBAAgB;KAC3B;IACD;QACE,EAAE,EAAE,cAAc;QAClB,KAAK,EAAE,mCAAmC;QAC1C,KAAK,EACH,uGAAuG;QACzG,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,gBAAgB;KAC3B;IACD;QACE,EAAE,EAAE,eAAe;QACnB,KAAK,EAAE,+BAA+B;QACtC,KAAK,EACH,mGAAmG;QACrG,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,gBAAgB;KAC3B;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,KAAK,EAAE,6BAA6B;QACpC,KAAK,EAAE,0DAA0D;QACjE,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,gBAAgB;KAC3B;CACF,CAAC;AAEF,8EAA8E;AAC9E,+BAA+B;AAC/B,8EAA8E;AAE9E,mEAAmE;AACnE,MAAM,iBAAiB,GACrB,gIAAgI,CAAC;AAEnI,iDAAiD;AACjD,MAAM,kBAAkB,GAAG,qBAAqB,CAAC;AAEjD,mFAAmF;AACnF,MAAM,aAAa,GAA2B;IAC5C,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ;IACR,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;CACd,CAAC;AACF,MAAM,YAAY,GAAG,IAAI,MAAM,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC;AAE5E,wCAAwC;AACxC,MAAM,eAAe,GAAG,2BAA2B,CAAC;AACpD,MAAM,kBAAkB,GACtB,4FAA4F,CAAC;AAE/F,oCAAoC;AACpC,MAAM,aAAa,GAAG,0BAA0B,CAAC;AACjD,MAAM,YAAY,GAAG,4BAA4B,CAAC;AAElD,8EAA8E;AAC9E,oBAAoB;AACpB,8EAA8E;AAE9E,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC/B,gBAAgB;IAChB,gBAAgB;IAChB,2BAA2B;IAC3B,sCAAsC;IACtC,cAAc;IACd,mBAAmB;IACnB,qBAAqB;IACrB,SAAS;IACT,kBAAkB;IAClB,oCAAoC;IACpC,sBAAsB;IACtB,gBAAgB;IAChB,cAAc;CACf,CAAC;AAEF,SAAS,oBAAoB,CAAC,YAAoB,EAAE,UAAkB;IACpE,MAAM,SAAS,GAAG,YAAY,CAAC,WAAW,CAAC,IAAI,EAAE,UAAU,CAAC,GAAG,CAAC,CAAC;IACjE,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;IACvD,MAAM,IAAI,GAAG,YAAY;SACtB,SAAS,CAAC,SAAS,EAAE,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC;SAC1D,WAAW,EAAE,CAAC;IACjB,OAAO,iBAAiB,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;AAC3E,CAAC;AAED,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E,SAAS,iBAAiB,CAAC,QAAkB;IAC3C,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,UAAU;YACb,OAAO,QAAQ,CAAC;QAClB,KAAK,MAAM;YACT,OAAO,KAAK,CAAC;QACf,KAAK,QAAQ;YACX,OAAO,KAAK,CAAC;QACf,KAAK,KAAK;YACR,OAAO,MAAM,CAAC;QAChB;YACE,OAAO,QAAQ,CAAC;IACpB,CAAC;AACH,CAAC;AAED,SAAS,gBAAgB,CAAC,YAAoB,EAAE,UAAkB;IAChE,MAAM,MAAM,GAAG,YAAY,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,GAAG,GAAG,CAAC,EAAE,UAAU,CAAC,CAAC,WAAW,EAAE,CAAC;IAC/F,OAAO,uGAAuG,CAAC,IAAI,CACjH,MAAM,CACP,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,aAAa;AACb,8EAA8E;AAE9E;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAC/B,YAAoB,EACpB,aAAwC,OAAO;IAE/C,MAAM,QAAQ,GAAc,EAAE,CAAC;IAE/B,6DAA6D;IAC7D,MAAM,KAAK,GAAG,eAAe,CAAC,YAAY,CAAC,CAAC;IAE5C,mBAAmB;IACnB,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC/C,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,OAAO,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;YAE1E,iEAAiE;YACjE,IAAI,OAAO,CAAC,EAAE,KAAK,mBAAmB,IAAI,oBAAoB,CAAC,YAAY,EAAE,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC1F,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,OAAO,CAAC,EAAE;oBACd,KAAK,EAAE,GAAG,OAAO,CAAC,KAAK,8BAA8B;oBACrD,WAAW,EAAE,sBAAsB,OAAO,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,sDAAsD;oBAC/H,QAAQ,EAAE,KAAK;oBACf,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,QAAQ,EAAE,YAAY,OAAO,EAAE;iBAChC,CAAC,CAAC;gBACH,SAAS;YACX,CAAC;YAED,mEAAmE;YACnE,IAAI,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;YAChC,IAAI,gBAAgB,CAAC,YAAY,EAAE,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;gBAChD,QAAQ,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;YACzC,CAAC;YAED,+DAA+D;YAC/D,IAAI,UAAU,KAAK,eAAe,EAAE,CAAC;gBACnC,QAAQ,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;YACzC,CAAC;YAED,gEAAgE;YAChE,sEAAsE;YACtE,IAAI,OAAO,CAAC,QAAQ,KAAK,gBAAgB,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;gBACxE,QAAQ,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;YACzC,CAAC;YAED,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,OAAO,CAAC,EAAE;gBACd,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,WAAW,EAAE,sBAAsB,OAAO,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG;gBAC5E,QAAQ;gBACR,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,QAAQ,EAAE,YAAY,OAAO,EAAE;aAChC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,uBAAuB;IACvB,MAAM,YAAY,GAAG,iBAAiB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAC1D,IAAI,YAAY,EAAE,CAAC;QACjB,MAAM,OAAO,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC,EAAE,YAAY,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;QACjF,MAAM,QAAQ,GAAG,YAAY,CAAC,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACtD,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,gBAAgB;YACpB,KAAK,EAAE,oCAAoC;YAC3C,WAAW,EAAE,+BAA+B,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,YAAY,OAAO,oDAAoD;YACvK,QAAQ,EAAE,MAAM;YAChB,QAAQ,EAAE,kBAAkB;YAC5B,QAAQ,EAAE,YAAY,OAAO,EAAE;SAChC,CAAC,CAAC;IACL,CAAC;IAED,sBAAsB;IACtB,MAAM,cAAc,GAAG,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACvD,IAAI,cAAc,EAAE,CAAC;QACnB,MAAM,OAAO,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC,EAAE,cAAc,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;QACnF,MAAM,QAAQ,GAAG,cAAc,CAAC,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACxD,MAAM,KAAK,GAAG,aAAa,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC;QACtD,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,kBAAkB;YACtB,KAAK,EAAE,8BAA8B;YACrC,WAAW,EAAE,+BAA+B,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,iBAAiB,KAAK,cAAc,OAAO,0DAA0D;YACrM,QAAQ,EAAE,MAAM;YAChB,QAAQ,EAAE,kBAAkB;YAC5B,QAAQ,EAAE,YAAY,OAAO,EAAE;SAChC,CAAC,CAAC;IACL,CAAC;IAED,oCAAoC;IACpC,MAAM,UAAU,GAAG,YAAY,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;IACvD,IAAI,UAAU,EAAE,CAAC;QACf,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;YAC7B,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;gBAC7D,IAAI,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;oBACrC,QAAQ,CAAC,IAAI,CAAC;wBACZ,EAAE,EAAE,iBAAiB;wBACrB,KAAK,EAAE,mCAAmC;wBAC1C,WAAW,EAAE,kDAAkD,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM;wBAC7F,QAAQ,EAAE,UAAU;wBACpB,QAAQ,EAAE,kBAAkB;qBAC7B,CAAC,CAAC;oBACH,MAAM;gBACR,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,yBAAyB;YAC3B,CAAC;QACH,CAAC;IACH,CAAC;IAED,4BAA4B;IAC5B,MAAM,cAAc,GAAG,kBAAkB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAC7D,IAAI,cAAc,EAAE,CAAC;QACnB,MAAM,OAAO,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC,EAAE,cAAc,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;QACnF,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,iBAAiB;YACrB,KAAK,EAAE,qCAAqC;YAC5C,WAAW,EAAE,4CAA4C,OAAO,mFAAmF;YACnJ,QAAQ,EAAE,MAAM;YAChB,QAAQ,EAAE,kBAAkB;YAC5B,QAAQ,EAAE,YAAY,OAAO,EAAE;SAChC,CAAC,CAAC;IACL,CAAC;IAED,gCAAgC;IAChC,KAAK,MAAM,KAAK,IAAI,CAAC,aAAa,EAAE,YAAY,CAAC,EAAE,CAAC;QAClD,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC1C,IAAI,QAAQ,EAAE,CAAC;YACb,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;gBAC5C,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;gBAC1D,IAAI,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;oBACrC,QAAQ,CAAC,IAAI,CAAC;wBACZ,EAAE,EAAE,qBAAqB;wBACzB,KAAK,EAAE,gCAAgC;wBACvC,WAAW,EAAE,sDAAsD,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM;wBACjG,QAAQ,EAAE,UAAU;wBACpB,QAAQ,EAAE,kBAAkB;qBAC7B,CAAC,CAAC;oBACH,MAAM;gBACR,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,sBAAsB;YACxB,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,WAAW,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC;IACpE,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC;IAC5D,MAAM,MAAM,GAAG,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC;IAE/F,MAAM,KAAK,GACT,QAAQ,CAAC,MAAM,KAAK,CAAC;QACnB,CAAC,CAAC,+CAA+C;QACjD,CAAC,CAAC,kBAAkB,QAAQ,CAAC,MAAM,iCAAiC,CAAC;IAEzE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;AACrC,CAAC"}
|
package/dist/markdown-utils.d.ts
CHANGED
|
@@ -13,4 +13,24 @@ export declare function stripMarkdownNoise(raw: string): string;
|
|
|
13
13
|
export declare function extractCodeBlocks(content: string): string;
|
|
14
14
|
/** Remove fenced code blocks from content */
|
|
15
15
|
export declare function stripCodeBlocks(content: string): string;
|
|
16
|
+
/**
|
|
17
|
+
* Strip negation/exclusion sections from content.
|
|
18
|
+
* Removes "When NOT to use", "Do NOT", "Never" sections that describe
|
|
19
|
+
* what the skill does NOT do — preventing false positives when these
|
|
20
|
+
* sections mention dangerous keywords for contrast.
|
|
21
|
+
*/
|
|
22
|
+
export declare function stripNegationSections(content: string): string;
|
|
23
|
+
/**
|
|
24
|
+
* Prepare content for security checks by separating prose from code blocks
|
|
25
|
+
* and removing negation sections. All check modules should use this
|
|
26
|
+
* instead of running patterns against raw content.
|
|
27
|
+
*/
|
|
28
|
+
export declare function prepareContent(raw: string): {
|
|
29
|
+
/** Prose only: code blocks and negation sections removed */
|
|
30
|
+
prose: string;
|
|
31
|
+
/** Content inside code blocks only */
|
|
32
|
+
codeBlocks: string;
|
|
33
|
+
/** Raw content unchanged */
|
|
34
|
+
raw: string;
|
|
35
|
+
};
|
|
16
36
|
//# sourceMappingURL=markdown-utils.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"markdown-utils.d.ts","sourceRoot":"","sources":["../src/markdown-utils.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAetD;AAED,8CAA8C;AAC9C,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAQzD;AAED,6CAA6C;AAC7C,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAEvD"}
|
|
1
|
+
{"version":3,"file":"markdown-utils.d.ts","sourceRoot":"","sources":["../src/markdown-utils.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAetD;AAED,8CAA8C;AAC9C,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAQzD;AAED,6CAA6C;AAC7C,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAEvD;AAED;;;;;GAKG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAW7D;AAED;;;;GAIG;AACH,wBAAgB,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG;IAC3C,4DAA4D;IAC5D,KAAK,EAAE,MAAM,CAAC;IACd,sCAAsC;IACtC,UAAU,EAAE,MAAM,CAAC;IACnB,4BAA4B;IAC5B,GAAG,EAAE,MAAM,CAAC;CACb,CAIA"}
|