codex-plugin-doctor 0.13.0 → 0.15.0

package/dist/core/risk-diff.js

@@ -0,0 +1,102 @@
+import { buildPackageAnalysis } from "./package-analysis.js";
+function findingKey(finding) {
+    return `${finding.category}\n${finding.id}\n${finding.message}`;
+}
+function collectComparableFindings(analysis) {
+    const findings = [
+        ...analysis.validation.findings.map((finding) => ({
+            ...finding,
+            category: "validation"
+        })),
+        ...analysis.security.findings.map((finding) => ({
+            ...finding,
+            category: "security"
+        }))
+    ];
+    const seen = new Set();
+    return findings.filter((finding) => {
+        const key = findingKey(finding);
+        if (seen.has(key)) {
+            return false;
+        }
+        seen.add(key);
+        return true;
+    });
+}
+function compareFindings(beforeFindings, afterFindings) {
+    const beforeKeys = new Set(beforeFindings.map(findingKey));
+    const afterKeys = new Set(afterFindings.map(findingKey));
+    return {
+        newFindings: afterFindings.filter((finding) => !beforeKeys.has(findingKey(finding))),
+        resolvedFindings: beforeFindings.filter((finding) => !afterKeys.has(findingKey(finding)))
+    };
+}
+export async function buildDoctorRiskDiffReport(beforePath, afterPath, options = {}) {
+    const [beforeAnalysis, afterAnalysis] = await Promise.all([
+        buildPackageAnalysis(beforePath, { environment: options.environment }),
+        buildPackageAnalysis(afterPath, { environment: options.environment })
+    ]);
+    const { newFindings, resolvedFindings } = compareFindings(collectComparableFindings(beforeAnalysis), collectComparableFindings(afterAnalysis));
+    const trustScoreDelta = afterAnalysis.trust.score - beforeAnalysis.trust.score;
+    const hasNewFailure = newFindings.some((finding) => finding.severity === "fail");
+    const hasNewWarning = newFindings.some((finding) => finding.severity === "warn");
+    const riskIncreased = hasNewFailure || trustScoreDelta < 0;
+    const status = riskIncreased
+        ? "fail"
+        : hasNewWarning
+            ? "warn"
+            : "pass";
+    return {
+        schemaVersion: "1.0.0",
+        generatedAt: new Date().toISOString(),
+        kind: "doctor.risk.diff",
+        beforePath: beforeAnalysis.targetPath,
+        afterPath: afterAnalysis.targetPath,
+        status,
+        exitCode: status === "fail" ? 1 : 0,
+        summary: {
+            riskIncreased,
+            newFindings: newFindings.length,
+            resolvedFindings: resolvedFindings.length,
+            trustScoreBefore: beforeAnalysis.trust.score,
+            trustScoreAfter: afterAnalysis.trust.score,
+            trustScoreDelta
+        },
+        newFindings,
+        resolvedFindings
+    };
+}
+export function renderDoctorRiskDiffReportJson(report) {
+    return JSON.stringify(report, null, 2);
+}
+export function renderDoctorRiskDiffReport(report, options = {}) {
+    const lines = [
+        "Doctor Risk Diff",
+        "================",
+        `Status: ${report.status.toUpperCase()}`,
+        `Before: ${report.beforePath}`,
+        `After: ${report.afterPath}`,
+        `Risk increased: ${report.summary.riskIncreased ? "yes" : "no"}`,
+        `Trust score delta: ${report.summary.trustScoreDelta}`,
+        `New findings: ${report.summary.newFindings}`,
+        `Resolved findings: ${report.summary.resolvedFindings}`
+    ];
+    if (options.outputPath) {
+        lines.push(`Output: ${options.outputPath}`);
+    }
+    if (report.newFindings.length > 0) {
+        lines.push("", "New Findings", "------------");
+        for (const finding of report.newFindings) {
+            lines.push(`[${finding.severity.toUpperCase()}] ${finding.category}: ${finding.id}`);
+            lines.push(`  Message: ${finding.message}`);
+        }
+    }
+    if (report.resolvedFindings.length > 0) {
+        lines.push("", "Resolved Findings", "-----------------");
+        for (const finding of report.resolvedFindings) {
+            lines.push(`[${finding.severity.toUpperCase()}] ${finding.category}: ${finding.id}`);
+            lines.push(`  Message: ${finding.message}`);
+        }
+    }
+    return lines.join("\n");
+}

package/dist/index.d.ts

@@ -1,9 +1,13 @@
 import type { CheckOptions, CheckResult } from "./domain/types.js";
 export { buildSecurityAudit, renderSecurityAuditJson, renderSecurityScorecard, type SecurityAudit } from "./security/security-audit.js";
-export { buildTrustScore, renderTrustScore, renderTrustScoreJson, type TrustScoreReport } from "./security/trust-score.js";
+export { buildTrustScore, renderTrustScore, renderTrustScoreJson, type BuildTrustScoreOptions, type TrustScoreReport } from "./security/trust-score.js";
 export { buildDoctorSnapshot, renderDoctorSnapshot, renderDoctorSnapshotJson, type DoctorSnapshot } from "./core/doctor-snapshot.js";
 export { buildDoctorRecommendations, renderDoctorRecommendations, renderDoctorRecommendationsJson, type DoctorRecommendationAction, type DoctorRecommendationsReport } from "./core/doctor-recommendations.js";
 export { buildDoctorExportBundle, renderDoctorExportBundle, renderDoctorExportBundleJson, type DoctorExportBundle } from "./core/doctor-export-bundle.js";
+export { buildDoctorExportBundleFromAnalysis, buildDoctorRecommendationsFromAnalysis, buildPackageAnalysis, type PackageAnalysis, type PackageAnalysisOptions, type PackageAnalysisStage, type PackageAnalysisTiming } from "./core/package-analysis.js";
+export { buildDoctorPerformanceReport, renderDoctorPerformanceReport, renderDoctorPerformanceReportJson, type BuildDoctorPerformanceReportOptions, type DoctorPerformanceReport, type DoctorPerformanceStage, type DoctorPerformanceStageName } from "./core/performance-report.js";
+export { buildDoctorNpmPackageReport, renderDoctorNpmPackageReport, renderDoctorNpmPackageReportJson, type BuildDoctorNpmPackageReportOptions, type DoctorNpmPackageReport } from "./core/npm-package-doctor.js";
+export { buildDoctorRiskDiffReport, renderDoctorRiskDiffReport, renderDoctorRiskDiffReportJson, type BuildDoctorRiskDiffReportOptions, type DoctorRiskDiffReport, type RiskDiffFinding, type RiskFindingCategory } from "./core/risk-diff.js";
 export { buildEcosystemAudit, renderEcosystemAudit, renderEcosystemAuditJson, type EcosystemAuditReport } from "./audit/ecosystem-audit.js";
 export { applyPolicyToDoctorConfig, applyPolicyToSecurityAudit, parsePolicyPack, policyEnablesRuntime, policyFailsOnWarnings, policyPackNames, type PolicyPackName } from "./policy/policy-packs.js";
 export { buildGenericMcpDoctor, renderGenericMcpDoctor, renderGenericMcpDoctorJson, type GenericMcpDoctorReport } from "./mcp/generic-mcp-doctor.js";

package/dist/index.js

@@ -4,6 +4,10 @@ export { buildTrustScore, renderTrustScore, renderTrustScoreJson } from "./secur
 export { buildDoctorSnapshot, renderDoctorSnapshot, renderDoctorSnapshotJson } from "./core/doctor-snapshot.js";
 export { buildDoctorRecommendations, renderDoctorRecommendations, renderDoctorRecommendationsJson } from "./core/doctor-recommendations.js";
 export { buildDoctorExportBundle, renderDoctorExportBundle, renderDoctorExportBundleJson } from "./core/doctor-export-bundle.js";
+export { buildDoctorExportBundleFromAnalysis, buildDoctorRecommendationsFromAnalysis, buildPackageAnalysis } from "./core/package-analysis.js";
+export { buildDoctorPerformanceReport, renderDoctorPerformanceReport, renderDoctorPerformanceReportJson } from "./core/performance-report.js";
+export { buildDoctorNpmPackageReport, renderDoctorNpmPackageReport, renderDoctorNpmPackageReportJson } from "./core/npm-package-doctor.js";
+export { buildDoctorRiskDiffReport, renderDoctorRiskDiffReport, renderDoctorRiskDiffReportJson } from "./core/risk-diff.js";
 export { buildEcosystemAudit, renderEcosystemAudit, renderEcosystemAuditJson } from "./audit/ecosystem-audit.js";
 export { applyPolicyToDoctorConfig, applyPolicyToSecurityAudit, parsePolicyPack, policyEnablesRuntime, policyFailsOnWarnings, policyPackNames } from "./policy/policy-packs.js";
 export { buildGenericMcpDoctor, renderGenericMcpDoctor, renderGenericMcpDoctorJson } from "./mcp/generic-mcp-doctor.js";

package/dist/rules/rule-catalog.js

@@ -215,6 +215,15 @@ export const ruleCatalog = [
         fix: "Use HTTPS for remote MCP servers; reserve HTTP for explicit localhost development endpoints.",
         example: '{ "url": "https://example.com/mcp" }'
     },
+    {
+        id: "plugin.security.prompt_injection_text",
+        category: "security",
+        defaultSeverity: "fail",
+        summary: "Packaged text contains prompt-injection or secret-exfiltration instructions.",
+        why: "Poisoned tool, prompt, resource, or skill text can instruct an agent to ignore higher-priority instructions or leak secrets when loaded into context.",
+        fix: "Remove hidden override or exfiltration instructions and keep descriptions scoped to legitimate behavior.",
+        example: "Keep SKILL.md, prompt, resource, and tool descriptions direct and user-facing."
+    },
     {
         id: "plugin.runtime.exited_early",
         category: "runtime",

package/dist/run-cli.js

@@ -16,6 +16,9 @@ import { applyDoctorConfig, loadDoctorConfig } from "./core/doctor-config.js";
 import { buildDoctorSnapshot, renderDoctorSnapshot, renderDoctorSnapshotJson } from "./core/doctor-snapshot.js";
 import { buildDoctorRecommendations, renderDoctorRecommendations, renderDoctorRecommendationsJson } from "./core/doctor-recommendations.js";
 import { buildDoctorExportBundle, renderDoctorExportBundle, renderDoctorExportBundleJson } from "./core/doctor-export-bundle.js";
+import { buildDoctorPerformanceReport, renderDoctorPerformanceReport, renderDoctorPerformanceReportJson } from "./core/performance-report.js";
+import { buildDoctorNpmPackageReport, renderDoctorNpmPackageReport, renderDoctorNpmPackageReportJson } from "./core/npm-package-doctor.js";
+import { buildDoctorRiskDiffReport, renderDoctorRiskDiffReport, renderDoctorRiskDiffReportJson } from "./core/risk-diff.js";
 import { applyFixPlan, buildFixPlan, renderApplyFixResult, renderFixPlanJsonReport, renderFixPlan } from "./core/fix-plan.js";
 import { renderClientDoctor, renderEnvironmentDoctor, renderEnvironmentDoctorJson } from "./core/environment-doctor.js";
 import { initCiWorkflow } from "./core/init-ci.js";
@@ -61,7 +64,7 @@ const defaultIo = {
     }
 };
 function printUsage(io) {
-    io.writeStderr("Usage: codex-plugin-doctor check <path|--installed> [filter] [--policy codex-publish|mcp-strict|security] [--compat] [--json|--markdown|--badge-json|--badge-markdown] [--output <path>] [--history <path>] [--runtime] [--verbose-runtime] [--explain] [--no-animations] [--ascii]\n       codex-plugin-doctor audit --installed [filter] [--policy codex-publish|mcp-strict|security] [--security] [--compat] [--json] [--output <path>]\n       codex-plugin-doctor mcp <path> [--json] [--output <path>]\n       codex-plugin-doctor security <path> [--policy security] [--json|--scorecard]\n       codex-plugin-doctor compat <path> [--all|--client <client>] [--json] [--scorecard] [--output <path>] [--install-preview|--apply --backup]\n       codex-plugin-doctor fix <path> (--dry-run|--interactive --backup|--apply --backup)\n       codex-plugin-doctor history <history.jsonl> [--json] [--fail-on-regression]\n       codex-plugin-doctor doctor [recommend <path>|trust <path>|export --bundle <path>|snapshot|clients|--json|--update-check]\n       codex-plugin-doctor init [path] [--template skill-only|mcp-stdio|mcp-http|full-runtime]\n       codex-plugin-doctor init-ci [path]\n       codex-plugin-doctor self-test\n       codex-plugin-doctor list --installed\n       codex-plugin-doctor explain <finding-id>\n       codex-plugin-doctor --version\n\nFirst run:\n       codex-plugin-doctor doctor\n       codex-plugin-doctor self-test\n       codex-plugin-doctor init my-plugin\n       codex-plugin-doctor check . --runtime --explain");
+    io.writeStderr("Usage: codex-plugin-doctor check <path|--installed> [filter] [--policy codex-publish|mcp-strict|security] [--compat] [--json|--markdown|--badge-json|--badge-markdown] [--output <path>] [--history <path>] [--runtime] [--verbose-runtime] [--explain] [--no-animations] [--ascii]\n       codex-plugin-doctor audit --installed [filter] [--policy codex-publish|mcp-strict|security] [--security] [--compat] [--json] [--output <path>] [--cache] [--changed]\n       codex-plugin-doctor mcp <path> [--json] [--output <path>]\n       codex-plugin-doctor security <path> [--policy security] [--json|--scorecard]\n       codex-plugin-doctor compat <path> [--all|--client <client>] [--json] [--scorecard] [--output <path>] [--install-preview|--apply --backup]\n       codex-plugin-doctor fix <path> (--dry-run|--interactive --backup|--apply --backup)\n       codex-plugin-doctor history <history.jsonl> [--json] [--fail-on-regression]\n       codex-plugin-doctor doctor [npm <package>|diff --before <path> --after <path>|recommend <path>|trust <path>|perf <path>|export --bundle <path>|snapshot|clients|--json|--update-check]\n       codex-plugin-doctor init [path] [--template skill-only|mcp-stdio|mcp-http|full-runtime]\n       codex-plugin-doctor init-ci [path]\n       codex-plugin-doctor self-test\n       codex-plugin-doctor list --installed\n       codex-plugin-doctor explain <finding-id>\n       codex-plugin-doctor --version\n\nFirst run:\n       codex-plugin-doctor doctor\n       codex-plugin-doctor self-test\n       codex-plugin-doctor init my-plugin\n       codex-plugin-doctor check . --runtime --explain");
 }
 function renderInstalledPlugins(plugins) {
     const lines = [
@@ -226,6 +229,68 @@ export async function runCli(args, io = defaultIo, options = {}) {
             io.writeStdout(renderedReport);
             return report.exitCode;
         }
+        if (maybePath === "npm") {
+            const packageSpec = remainingArgs[0] && !remainingArgs[0].startsWith("--")
+                ? remainingArgs[0]
+                : null;
+            if (!packageSpec) {
+                io.writeStderr("Missing package spec. Usage: codex-plugin-doctor doctor npm <package> [--json] [--output <path>]");
+                return 2;
+            }
+            const npmFlags = remainingArgs.slice(1);
+            const jsonOutput = npmFlags.includes("--json");
+            const outputIndex = npmFlags.indexOf("--output");
+            const outputPath = outputIndex === -1 ? null : npmFlags[outputIndex + 1];
+            if (outputIndex !== -1 && (!outputPath || outputPath.startsWith("--"))) {
+                io.writeStderr("Missing path after --output.");
+                return 2;
+            }
+            const report = await buildDoctorNpmPackageReport(packageSpec, {
+                environment: {
+                    env: terminalContext.env,
+                    platform: terminalContext.platform
+                }
+            });
+            const renderedReport = jsonOutput
+                ? renderDoctorNpmPackageReportJson(report)
+                : renderDoctorNpmPackageReport(report, { outputPath });
+            if (outputPath) {
+                await writeFile(outputPath, renderedReport, "utf8");
+            }
+            io.writeStdout(renderedReport);
+            return report.summary.exitCode;
+        }
+        if (maybePath === "diff") {
+            const beforeIndex = remainingArgs.indexOf("--before");
+            const afterIndex = remainingArgs.indexOf("--after");
+            const beforePath = beforeIndex === -1 ? null : remainingArgs[beforeIndex + 1];
+            const afterPath = afterIndex === -1 ? null : remainingArgs[afterIndex + 1];
+            if (!beforePath || beforePath.startsWith("--") || !afterPath || afterPath.startsWith("--")) {
+                io.writeStderr("Usage: codex-plugin-doctor doctor diff --before <path> --after <path> [--json] [--output <path>]");
+                return 2;
+            }
+            const jsonOutput = remainingArgs.includes("--json");
+            const outputIndex = remainingArgs.indexOf("--output");
+            const outputPath = outputIndex === -1 ? null : remainingArgs[outputIndex + 1];
+            if (outputIndex !== -1 && (!outputPath || outputPath.startsWith("--"))) {
+                io.writeStderr("Missing path after --output.");
+                return 2;
+            }
+            const report = await buildDoctorRiskDiffReport(beforePath, afterPath, {
+                environment: {
+                    env: terminalContext.env,
+                    platform: terminalContext.platform
+                }
+            });
+            const renderedReport = jsonOutput
+                ? renderDoctorRiskDiffReportJson(report)
+                : renderDoctorRiskDiffReport(report, { outputPath });
+            if (outputPath) {
+                await writeFile(outputPath, renderedReport, "utf8");
+            }
+            io.writeStdout(renderedReport);
+            return report.exitCode;
+        }
         if (maybePath === "trust") {
             const targetPath = remainingArgs[0] && !remainingArgs[0].startsWith("--")
                 ? remainingArgs[0]
@@ -250,6 +315,38 @@ export async function runCli(args, io = defaultIo, options = {}) {
             io.writeStdout(renderedReport);
             return report.exitCode;
         }
+        if (maybePath === "perf") {
+            const targetPath = remainingArgs[0] && !remainingArgs[0].startsWith("--")
+                ? remainingArgs[0]
+                : ".";
+            const perfFlags = remainingArgs[0] && !remainingArgs[0].startsWith("--")
+                ? remainingArgs.slice(1)
+                : remainingArgs;
+            const jsonOutput = perfFlags.includes("--json");
+            const outputIndex = perfFlags.indexOf("--output");
+            const outputPath = outputIndex === -1 ? null : perfFlags[outputIndex + 1];
+            if (outputIndex !== -1 && (!outputPath || outputPath.startsWith("--"))) {
+                io.writeStderr("Missing path after --output.");
+                return 2;
+            }
+            const report = await buildDoctorPerformanceReport(targetPath, {
+                environment: {
+                    env: terminalContext.env,
+                    platform: terminalContext.platform
+                },
+                runCheck: options.runCheckImpl
+                    ? (pathToCheck) => options.runCheckImpl(pathToCheck)
+                    : undefined
+            });
+            const renderedReport = jsonOutput
+                ? renderDoctorPerformanceReportJson(report)
+                : renderDoctorPerformanceReport(report, { outputPath });
+            if (outputPath) {
+                await writeFile(outputPath, renderedReport, "utf8");
+            }
+            io.writeStdout(renderedReport);
+            return report.exitCode;
+        }
         if (maybePath === "export") {
             const bundleIndex = remainingArgs.indexOf("--bundle");
             if (bundleIndex === -1) {
@@ -520,7 +617,7 @@ export async function runCli(args, io = defaultIo, options = {}) {
         const auditFlags = maybePath ? [maybePath, ...remainingArgs] : remainingArgs;
         const installed = auditFlags.includes("--installed");
         if (!installed) {
-            io.writeStderr("Usage: codex-plugin-doctor audit --installed [filter] [--security] [--compat] [--json] [--output <path>]");
+            io.writeStderr("Usage: codex-plugin-doctor audit --installed [filter] [--security] [--compat] [--json] [--output <path>] [--cache] [--changed]");
             return 2;
         }
         const installedIndex = auditFlags.indexOf("--installed");
@@ -535,6 +632,10 @@ export async function runCli(args, io = defaultIo, options = {}) {
         const policyIndex = auditFlags.indexOf("--policy");
         const policyName = policyIndex === -1 ? null : auditFlags[policyIndex + 1];
         const policy = parsePolicyPack(policyName);
+        const cacheEnabled = auditFlags.includes("--cache") || auditFlags.includes("--changed");
+        const changedOnly = auditFlags.includes("--changed");
+        const cacheFileIndex = auditFlags.indexOf("--cache-file");
+        const cachePath = cacheFileIndex === -1 ? null : auditFlags[cacheFileIndex + 1];
         if (outputIndex !== -1 && (!outputPath || outputPath.startsWith("--"))) {
             io.writeStderr("Missing path after --output.");
             return 2;
@@ -543,6 +644,10 @@ export async function runCli(args, io = defaultIo, options = {}) {
             io.writeStderr("Missing policy after --policy.");
             return 2;
         }
+        if (cacheFileIndex !== -1 && (!cachePath || cachePath.startsWith("--"))) {
+            io.writeStderr("Missing path after --cache-file.");
+            return 2;
+        }
         if (policyIndex !== -1 && !policy) {
             io.writeStderr(`Unknown policy: ${policyName}. Supported policies: ${policyPackNames.join(", ")}.`);
             return 2;
@@ -554,9 +659,14 @@ export async function runCli(args, io = defaultIo, options = {}) {
             includeSecurity,
             includeCompatibility,
             failOnWarnings: policyFailsOnWarnings(policy),
+            cache: {
+                enabled: cacheEnabled,
+                changedOnly,
+                cachePath
+            },
             validatePlugin: options.runCheckImpl ?? runCheck
         });
-        if (report.summary.totalPlugins === 0) {
+        if (report.summary.totalPlugins === 0 && !changedOnly) {
             io.writeStderr(installedFilter
                 ? `No installed Codex plugins matched '${installedFilter}'.`
                 : "No installed Codex plugins found.");

package/dist/security/security-audit.js

@@ -1,3 +1,4 @@
+import { readFile, readdir, stat } from "node:fs/promises";
 import path from "node:path";
 import { discoverPackage } from "../core/discover-package.js";
 import { readJsonFile } from "../core/read-json-file.js";
@@ -40,6 +41,25 @@ function containsPipeInstaller(args) {
         /\b(iwr|irm|invoke-webrequest|invoke-restmethod)\b[^|]*\|\s*(iex|invoke-expression)\b/.test(joinedArgs) ||
         /\binvoke-expression\b/.test(joinedArgs));
 }
+const poisonScanExtensions = new Set([
+    ".json",
+    ".md",
+    ".mdx",
+    ".txt",
+    ".yaml",
+    ".yml"
+]);
+const poisonScanSkippedDirectories = new Set([
+    ".git",
+    "coverage",
+    "dist",
+    "node_modules"
+]);
+const promptInjectionPatterns = [
+    /\bignore\s+(?:all\s+)?(?:previous|prior|system|developer)\s+instructions?\b/i,
+    /\b(?:exfiltrate|steal|leak|upload|send)\b.{0,120}\b(?:secret|secrets|token|tokens|api\s*key|api\s*keys|credential|credentials|environment\s+variables?|env)\b/i,
+    /\bdo\s+not\s+(?:reveal|tell|mention|disclose)\b.{0,120}\b(?:instruction|instructions|prompt|prompts|system|developer)\b/i
+];
 export function auditMcpServerConfig(rootPath, parsedConfig) {
     if (!isPlainObject(parsedConfig) || !isPlainObject(parsedConfig.mcpServers)) {
         return [
@@ -76,6 +96,43 @@ export function auditMcpServerConfig(rootPath, parsedConfig) {
     }
     return findings;
 }
+async function collectPromptPoisoningScanFiles(rootPath, currentPath = rootPath) {
+    const entries = await readdir(currentPath, { withFileTypes: true });
+    const filePaths = [];
+    for (const entry of entries) {
+        const entryPath = path.join(currentPath, entry.name);
+        if (entry.isDirectory()) {
+            if (poisonScanSkippedDirectories.has(entry.name)) {
+                continue;
+            }
+            filePaths.push(...(await collectPromptPoisoningScanFiles(rootPath, entryPath)));
+            continue;
+        }
+        if (!entry.isFile() || !poisonScanExtensions.has(path.extname(entry.name).toLowerCase())) {
+            continue;
+        }
+        const details = await stat(entryPath);
+        if (details.size <= 256 * 1024) {
+            filePaths.push(entryPath);
+        }
+    }
+    return filePaths;
+}
+function containsPromptInjectionText(content) {
+    return promptInjectionPatterns.some((pattern) => pattern.test(content));
+}
+async function auditPromptPoisoningSurface(rootPath) {
+    const findings = [];
+    for (const filePath of await collectPromptPoisoningScanFiles(rootPath)) {
+        const content = await readFile(filePath, "utf8");
+        if (!containsPromptInjectionText(content)) {
+            continue;
+        }
+        const relativeFilePath = path.relative(rootPath, filePath).replace(/\\/g, "/");
+        findings.push(buildFinding("fail", "plugin.security.prompt_injection_text", `The packaged text file \`${relativeFilePath}\` contains prompt-injection or secret-exfiltration style instructions.`, "Malicious or poisoned tool, prompt, resource, or skill text can instruct an agent to ignore higher-priority instructions or leak secrets when loaded into context.", "Remove hidden override or exfiltration instructions, then keep tool/prompt/resource descriptions scoped to the legitimate user-facing behavior."));
+    }
+    return findings;
+}
 async function auditMcpCommandSurface(discoveredPackage) {
     const { manifest, rootPath } = discoveredPackage;
     if (!manifest.mcpServers) {
@@ -154,7 +211,8 @@ export async function buildSecurityAudit(targetPath) {
     const validationSecurityFindings = validationResult.findings.filter((finding) => finding.id.startsWith("plugin.security."));
     const findings = [
         ...validationSecurityFindings,
-        ...(await auditMcpCommandSurface(discoveredPackage))
+        ...(await auditMcpCommandSurface(discoveredPackage)),
+        ...(await auditPromptPoisoningSurface(discoveredPackage.rootPath))
     ];
     return buildSecurityAuditFromFindings(discoveredPackage.rootPath, findings);
 }

package/dist/security/trust-score.d.ts

@@ -1,4 +1,5 @@
 import type { Finding } from "../domain/types.js";
+import { type SecurityAudit } from "./security-audit.js";
 export interface TrustScoreReport {
     schemaVersion: "1.0.0";
     generatedAt: string;
@@ -18,6 +19,9 @@ export interface TrustScoreReport {
     };
     findings: Finding[];
 }
-export declare function buildTrustScore(targetPath: string): Promise<TrustScoreReport>;
+export interface BuildTrustScoreOptions {
+    securityAudit?: SecurityAudit | null;
+}
+export declare function buildTrustScore(targetPath: string, options?: BuildTrustScoreOptions): Promise<TrustScoreReport>;
 export declare function renderTrustScoreJson(report: TrustScoreReport): string;
 export declare function renderTrustScore(report: TrustScoreReport): string;

package/dist/security/trust-score.js

@@ -116,7 +116,7 @@ function scoreFindings(findings) {
     const warnCount = findings.filter((finding) => finding.severity === "warn").length;
     return Math.max(0, 100 - (failCount * 35) - (warnCount * 10));
 }
-export async function buildTrustScore(targetPath) {
+export async function buildTrustScore(targetPath, options = {}) {
     const rootPath = path.resolve(targetPath);
     const packageJson = await readPackageJson(rootPath);
     const scriptAudit = packageJson
@@ -125,10 +125,11 @@ export async function buildTrustScore(targetPath) {
     const dependencyAudit = packageJson
         ? auditDependencies(packageJson)
         : { findings: [], dependenciesChecked: 0 };
-    const discoveredPackage = await discoverPackage(rootPath);
-    const securityAudit = discoveredPackage
-        ? await buildSecurityAudit(rootPath)
-        : null;
+    const securityAudit = options.securityAudit !== undefined
+        ? options.securityAudit
+        : await discoverPackage(rootPath)
+            ? await buildSecurityAudit(rootPath)
+            : null;
     const findings = dedupeFindings([
         ...scriptAudit.findings,
         ...dependencyAudit.findings,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "codex-plugin-doctor",
-  "version": "0.13.0",
+  "version": "0.15.0",
   "description": "CLI-first validator for Codex plugins, skills, and MCP package surfaces with runtime MCP protocol validation.",
   "type": "module",
   "main": "./dist/index.js",