Supplementary appendix describing the full evaluation setup, threat model, defense layers, metrics, and release-gate procedures for secure agentic LLM systems. Includes system configuration, attacker capabilities, telemetry, reproducibility details, and parameter glossary.