open/ktg-plugin-marketplace
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity Actions
ktg-plugin-marketplace/plugins
History
Kjell Tore Guttormsen 716c8384d9 feat(post-mcp-verify): E5 — scan SVG desc/title/metadata/foreignObject 
SVG containers carry text that is invisible in the rendered image but
fully parsed by an agent reading the source. <desc>, <title>,
<metadata>, and <foreignObject> are all valid surfaces for adversarial
injection.

Adds a per-element extractor inside the existing HTML-tag gate, gated
on /<svg[\s>]/i so it only fires for actual SVG content. Inner text is
HTML-entity-decoded then run through scanForInjection. Emits at the
strongest tier with category svg-element-injection.

+3 tests (62 → 65).

Refs: Batch B Wave 4 / Step 10 / v7.2.0
2026-04-29 14:54:58 +02:00
..
ai-psychosis docs: add AI-generated code disclosure to marketplace and all plugins 2026-04-19 19:27:05 +02:00
config-audit docs(config-audit): straggler sweep — 7 → 8 quality areas in agent + command 2026-04-19 22:58:50 +02:00
graceful-handoff feat(graceful-handoff): initial plugin with /graceful-handoff command 2026-04-19 22:54:10 +02:00
linkedin-thought-leadership docs: add AI-generated code disclosure to marketplace and all plugins 2026-04-19 19:27:05 +02:00
llm-security feat(post-mcp-verify): E5 — scan SVG desc/title/metadata/foreignObject 2026-04-29 14:54:58 +02:00
ms-ai-architect docs: add AI-generated code disclosure to marketplace and all plugins 2026-04-19 19:27:05 +02:00
okr docs: add AI-generated code disclosure to marketplace and all plugins 2026-04-19 19:27:05 +02:00
ultraplan-local feat(ultraplan-local)!: v2.4.0 — version bump 2026-04-19 21:46:17 +02:00