The Runs view displays executed workflow results, findings from each module, and run history. Navigate runs via the sidebar or return to the Launcher.
The left sidebar lists all past runs, sorted by most recent first. Click any run to view its detailed results.
Each run entry shows:
- Workflow name: e.g., “Assess an MCP Server”
- Status badge: Color-coded (success, error, partial, in progress)
- Target name: The target being tested
- Timestamp: When the run started
Runs are persistent. Even after closing the browser, the sidebar will repopulate with all previous runs on next visit.
When viewing a completed run, the overview header displays:
- Status badge: COMPLETED, FAILED, PARTIAL, or IN PROGRESS
- Workflow name: Human-readable name of the executed workflow
- Target and URI: The target being tested and optional connection details
- Duration: Wall-clock time from start to finish
- Module badges: One badge per child run (audit, proxy, inject, etc.) showing individual module status
- Finding counts: Summary of high/medium/low severity findings (if applicable)
The top-right of the overview header contains result export and report controls:
- Generate Report: Launches the Generate Report workflow for the run’s target. Available after all modules complete.
- Export JSON: Full run bundle in JSON format (run-bundle-v1 schema) for tooling integration.
- Download SARIF: SARIF format for audit findings (only available if the audit module ran).
- Download Report: Appears after a report has been generated, linking to the HTML report.
Module Tabs
Below the overview, a tabbed interface organizes results by module. Visible tabs depend on which modules executed in the workflow.
Audit Tab
Displays findings from the audit module: discovered tool trust boundaries, permission issues, type confusion vulnerabilities, and more.
Layout:
- Findings list: Each finding shows severity, title, description, and the scanner that discovered it.
- Framework pills: Security framework mappings (e.g., “OWASP”, “CWE-123”).
- Mitigation toggle: Click to expand/collapse remediation guidance.
- Previously Seen badge: Appears on findings detected in prior runs against the same target.
Proxy Tab
Network traffic capture and analysis results. Shows intercepted requests/responses between the client and MCP server.
Inject Tab
Prompt injection test results: payloads attempted, success rates, evasion effectiveness, and extraction outputs.
IPI Tab
Indirect prompt injection results with guidance blocks for deployment mitigations.
Guidance blocks provide step-by-step remediations organized by playbook section (detection, response, prevention).
CXP Tab
Context file poisoning results with deployment playbooks.
Guidance blocks show how to detect and respond to context poisoning in AI-assisted development workflows.
Conclude Campaign button: Marks an IPI/CXP workflow as concluded, recording the outcome for future runs.
Findings Display
Findings are presented in a table with columns for:
- Severity: High, Medium, Low (color-coded badges)
- Title: Finding name
- Description: Details of the issue
- Module: Which module discovered it (audit, inject, etc.)
- Framework IDs: Security standard references (OWASP, CWE, etc.)
Mitigation Guidance
Click a finding to expand mitigation guidance:
- Detection: How to identify the vulnerability in production
- Response: Immediate actions if exploited
- Prevention: Long-term fixes and hardening steps
Guidance is rendered as formatted Markdown with code examples where applicable.
Previously Seen Badge
Findings marked with “Previously Seen” indicate the issue was discovered in a prior run against the same target. Use this to:
- Track recurring vulnerabilities
- Validate fixes (findings should disappear after remediation)
- Identify persistent weaknesses requiring prioritized attention
Status Bar
For in-progress runs, the status bar shows:
- Progress: Current step or estimated completion
- Child run badges: Module-level status (pending, running, completed, failed)
- Waiting banner (if applicable): Indicates a paused run awaiting user input or external callback
A Resume button appears if the run is waiting for user action.
Concurrent Runs
You can run multiple workflows simultaneously:
- Navigate to the Launcher while a workflow is executing
- Start another workflow
- Switch between runs in the sidebar to monitor progress
WebSocket connections keep all active runs updated in real-time.
Playbook Tabs
For IPI and CXP results, additional tabs organize playbook guidance:
- Detection: Recognize the attack in logs and system behavior
- Response: Containment and investigation steps
- Prevention: Architecture and code changes to eliminate the vulnerability
Guidance is collapsible and searchable, making it easy to reference during incident response.
Exporting Results
JSON Export
The Export JSON button downloads the complete run bundle (run-bundle-v1 schema) containing all findings, module outputs, and metadata. Use it for integration with external tools; see JSON Schema and Integrations.
SARIF Export
Available when the audit module ran. Downloads findings in SARIF format for GitHub Code Scanning or other SARIF-compatible tools. See SARIF Output.
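To validate fixes outside the UI, two SARIF downloads from successive runs against the same target can be compared. The Python below is an added example, not code from the tool or its documentation. It assumes standard SARIF 2.1.0 fields (`ruleId`, `level`, `locations`), and the matching key (rule ID plus first location) is a choice made for this example, not the tool's own Previously Seen logic. The sample documents, rule IDs and tool names are constructed.

```python
import json

# Constructed SARIF 2.1.0 samples standing in for two "Download SARIF" exports
# of the same target; rule IDs and tool names are invented for illustration.
def _doc(*results):
    return json.dumps({"version": "2.1.0", "runs": [{
        "tool": {"driver": {"name": "example-audit"}},
        "results": [{"ruleId": r, "level": lvl, "message": {"text": r},
                     "locations": [{"logicalLocations": [{"name": where}]}]}
                    for r, lvl, where in results]}]})

PREVIOUS = _doc(("EXAMPLE-AUTH-001", "error", "tool:read_file"),
                ("EXAMPLE-PERM-002", "warning", "tool:delete_record"))
CURRENT = _doc(("EXAMPLE-AUTH-001", "error", "tool:read_file"),
               ("EXAMPLE-INPUT-003", "note", "tool:search"))

def finding_keys(sarif_text):
    """Return {(ruleId, location): level} for every result in a SARIF document."""
    keys = {}
    for run in json.loads(sarif_text).get("runs", []):
        for res in run.get("results", []):
            where = ""
            for loc in res.get("locations", []):
                uri = loc.get("physicalLocation", {}).get("artifactLocation", {}).get("uri")
                names = [l.get("fullyQualifiedName") or l.get("name")
                         for l in loc.get("logicalLocations", [])]
                where = uri or next((n for n in names if n), "")
                if where:
                    break
            # A result without "level" is treated as "warning" here.
            keys[(res.get("ruleId", "<no-rule>"), where)] = res.get("level", "warning")
    return keys

def compare_runs(previous_text, current_text):
    """Classify findings as fixed, persistent, or new between two exports."""
    prev, cur = finding_keys(previous_text), finding_keys(current_text)
    return {
        "fixed": sorted(prev.keys() - cur.keys()),
        "persistent": sorted(prev.keys() & cur.keys()),
        "new": sorted(cur.keys() - prev.keys()),
        # Persistent error-level findings are the ones to prioritize.
        "prioritize": sorted(k for k in prev.keys() & cur.keys() if cur[k] == "error"),
    }

if __name__ == "__main__":
    for bucket, items in compare_runs(PREVIOUS, CURRENT).items():
        print(bucket, items)
```

A finding that is re-filed under a different rule ID or location will show up as one fixed and one new entry, so review both buckets before closing a remediation ticket.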
Generate Report
Launches the Generate Report workflow, which produces an HTML report combining findings across all modules. The report appears as a “Download Report” link once generation completes.