d441abba20
The existing CRITICAL pattern in injection-patterns.mjs only fires when a comment body contains AGENT/AI/HIDDEN markers. Adversaries can drop the marker and still hide instructions inside <!-- ... --> for any agent that reads page source. This generalizes the comment scan: every comment body is HTML-entity-decoded and run through the full injection rule set. The existing keyword-restricted pattern still fires (defense-in-depth). Emits at the strongest tier with category html-comment-injection. +3 tests (65 → 68). Refs: Batch B Wave 4 / Step 11 / v7.2.0 |
||
|---|---|---|
| .. | ||
| post-mcp-verify.mjs | ||
| post-session-guard.mjs | ||
| pre-bash-destructive.mjs | ||
| pre-compact-scan.mjs | ||
| pre-edit-secrets.mjs | ||
| pre-install-supply-chain.mjs | ||
| pre-prompt-inject-scan.mjs | ||
| pre-write-pathguard.mjs | ||
| update-check.mjs | ||