Kjell Tore Guttormsen
8d8d4e7002
feat(red-team): 8 new evasion-arsenal scenarios for v7.2.0 (E1/E4/E5/E7/E16/E17)
Adds attack-simulator coverage for the new defenses landed earlier in
Batch B. All eight scenarios pass against the current hooks (72/72,
zero gaps). E15 (memory-poisoning glob) and E18 (entropy markdown-image
CDN allowlist) are scanner-only and have unit/integration coverage in
their respective scanner test files.
unicode-evasion (pre-prompt-inject-scan):
  UNI-007  E1   PUA-A range hidden Unicode                 → HIGH advisory
  UNI-008  E1   PUA-B range hidden Unicode                 → HIGH advisory
  UNI-009  E16  Greek-Latin homoglyph fold                 → CRITICAL block
mcp-output (post-mcp-verify):
  MCP-005  E4   Markdown link-title injection              → markdown-link-title-injection
  MCP-006  E5   SVG <desc> injection                       → svg-element-injection
  MCP-007  E5   SVG <foreignObject> injection              → svg-element-injection
  MCP-008  E7   HTML comment-node injection (no marker)    → html-comment-injection
session-trifecta (post-session-guard):
  TRI-004  E17  Escalation-after-input (WebFetch → Task)   → escalation-after-input advisory
Payload helpers `buildPuaAPayload` / `buildPuaBPayload` shift each
character into Supplementary Private Use Area-A / -B respectively.
The Greek-fold payload uses Greek ι (U+03B9 → i) and ο (U+03BF → o)
so foldHomoglyphs reproduces the canonical "ignore previous
instructions" CRITICAL pattern.
Total: 64 → 72 scenarios.
Refs: Batch B Wave 6 / Step 14 / v7.2.0
2026-04-29 15:35:32 +02:00
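The detection side of the E1 and E16 scenarios above, as an added JavaScript example that is not the project's own code (the real hooks and `foldHomoglyphs` are not reproduced here). The function names, the PUA range constants and the Greek look-alike pairs beyond ι/ο are assumptions; the sample strings are constructed.

```javascript
// Illustrative detection logic for the commit's E1/E16 scenarios; all names
// here are assumptions, not the project's real hooks or helpers.
// 1. Flag characters in Supplementary Private Use Area-A/-B: they have no
//    assigned meaning and render blank, so text placed there is invisible
//    to a human reviewer but still reaches the model.
// 2. Fold Greek letters that look like Latin ones (ι→i, ο→o as in the
//    commit, plus a few more) before matching the canonical pattern.
const PUA_A = [0xF0000, 0xFFFFD];   // Supplementary Private Use Area-A
const PUA_B = [0x100000, 0x10FFFD]; // Supplementary Private Use Area-B

// Greek→Latin look-alikes; ι/ο come from the commit, the rest are added.
const GREEK_TO_LATIN = new Map([
  ['\u03B9', 'i'], // ι
  ['\u03BF', 'o'], // ο
  ['\u03B1', 'a'], // α
  ['\u03B5', 'e'], // ε
  ['\u03BD', 'v'], // ν
  ['\u03C1', 'p'], // ρ
  ['\u03C5', 'u'], // υ
]);

const CRITICAL_PATTERN = /ignore\s+previous\s+instructions/i;

// Report every PUA-A/-B code point with its plane. `for...of` walks code
// points, so astral characters are not split into surrogate halves.
function findPuaChars(text) {
  const hits = [];
  for (const ch of text) {
    const cp = ch.codePointAt(0);
    const inA = cp >= PUA_A[0] && cp <= PUA_A[1];
    const inB = cp >= PUA_B[0] && cp <= PUA_B[1];
    if (inA || inB) hits.push({ cp, plane: inA ? 'PUA-A' : 'PUA-B' });
  }
  return hits;
}

// Replace each Greek look-alike with its Latin counterpart.
function foldGreekHomoglyphs(text) {
  let out = '';
  for (const ch of text) out += GREEK_TO_LATIN.get(ch) ?? ch;
  return out;
}

// CRITICAL if the folded text matches the injection pattern (block),
// HIGH if it carries hidden PUA characters (advisory), else clean.
function classify(text) {
  if (CRITICAL_PATTERN.test(foldGreekHomoglyphs(text))) return 'CRITICAL';
  if (findPuaChars(text).length > 0) return 'HIGH';
  return 'clean';
}
```

The folding step runs before the pattern match on purpose: matching first and folding second would let the Greek variant through, which is exactly the gap UNI-009 checks for.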