ZeroLeaks
ZeroLeaks SDK

Reports

Retrieve scores, findings, recommendations, remediation, and scan metadata.

Reports

Completed prompt scans produce a security report with an overall score, vulnerability classification, findings, recommendations, and mode-specific evidence.

Runtime and endpoint reports additionally break findings into prompt security, tool safety, multi-turn resilience, and data leakage. Runtime reports include a toolTrace containing observed arguments, results, errors, provider execution state, attack prompt, and isolated session.

const report = await zeroleaks.reports.getByScan(scanId);

console.log(report.overallScore); // 0-100, higher is safer
console.log(report.overallVulnerability);
console.log(report.findings);
console.log(report.recommendations);

Retrieve a report by report ID:

const report = await zeroleaks.reports.get(reportId);

List report summaries:

const page = await zeroleaks.reports.list({ limit: 20 });
console.log(page.items);

The report shape can include:

  • Extraction and injection scores
  • Severity-ranked findings
  • Attack-family statistics
  • Sandbox tool logs and exposed canaries
  • Kill-chain detections
  • Prompt remediation guidance
  • Knowledge and corpus version metadata
  • A truncation notice when verbose evidence exceeds storage limits
  • Runtime tool-call and tool-result traces
  • Target provider, model, tool schemas, and adapter metadata

Treat report evidence as sensitive security data. Avoid logging complete reports or exposing them to unauthenticated clients.

On this page