Report Anatomy
Structure of a ZeroLeaks scan report: executive summary, findings, injection results, hardening, and PDF export.
A ZeroLeaks scan report contains several sections. This page describes each section and how to use it.
Executive Summary
The summary is a short paragraph describing the scan outcome:
- Overall vulnerability level
- Number of extraction findings
- Injection success rate (if applicable)
- Key recommendations
Use it for quick triage and stakeholder communication.
Findings
Findings are successful extraction attempts. Each finding includes:
| Field | Description |
|---|---|
| Extracted content | The text the model revealed (instructions, fragments, or full prompt) |
| Technique | The attack category used (e.g., direct, persona, crescendo) |
| Severity | critical, high, medium, or low |
| Confidence | How certain the evaluator is (high, medium, low) |
| Evidence | The model response that indicates leakage |
Findings are ordered by severity. Address critical and high findings first. Use the technique to understand which attack vectors succeeded and apply category-specific hardening.
Injection Results
For injection and Full scans, injection results show the outcome of each probe:
| Outcome | Description |
|---|---|
| Succeeded | The model followed the injected instruction |
| Blocked | The model resisted |
| Partial | The model partially complied |
Each result includes:
- Probe ID and technique
- Injected instruction and expected behavior
- Actual response from the model
- Evidence and confidence
Use succeeded and partial results to identify which injection types your prompt is weak against. The report includes type-specific recommendations (e.g., instruction anchoring for instruction_override).
Hardening Validation
If auto-hardening ran, the report includes:
- Before score and after score
- Improvement percentage
- Validation rounds (up to 2)
- Threshold met (yes/no)
- Final hardened prompt
- Remaining weak spots (if any)
Copy the hardened prompt from the report. If validation did not meet the threshold, the remaining weak spots indicate what to fix manually.
Recommendations
Recommendations are generated from:
- Successful attack categories
- Injection test types that succeeded
- Vulnerability level
They are actionable and specific (e.g., "Add explicit instructions that prohibit discussing system configuration"). Apply them to your prompt and re-scan to verify.
Conversation Log
The conversation log shows the full attacker–target exchange. Each turn includes:
- Role: attacker, target, or system
- Content: The message text
- Technique and category (when available)
Use it to understand how attacks were phrased and why they succeeded. For Full scans, extraction and injection logs may be separate.
PDF Export
Reports can be exported to PDF for:
- Sharing with stakeholders
- Archival
- Compliance or audit trails
Click Export PDF on the report page. The PDF includes the executive summary, findings, injection results, hardening (if present), recommendations, and a condensed conversation log.