ktg-plugin-marketplace

History

Kjell Tore Guttormsen 716c8384d9 feat(post-mcp-verify): E5 — scan SVG desc/title/metadata/foreignObject SVG containers carry text that is invisible in the rendered image but fully parsed by an agent reading the source. <desc>, <title>, <metadata>, and <foreignObject> are all valid surfaces for adversarial injection. Adds a per-element extractor inside the existing HTML-tag gate, gated on /<svg[\s>]/i so it only fires for actual SVG content. Inner text is HTML-entity-decoded then run through scanForInjection. Emits at the strongest tier with category svg-element-injection. +3 tests (62 → 65). Refs: Batch B Wave 4 / Step 10 / v7.2.0	2026-04-29 14:54:58 +02:00
..
scripts	feat(post-mcp-verify): E5 — scan SVG desc/title/metadata/foreignObject	2026-04-29 14:54:58 +02:00
hooks.json	feat(hooks): register PreCompact event in hooks.json	2026-04-17 14:45:13 +02:00

Kjell Tore Guttormsen 716c8384d9 feat(post-mcp-verify): E5 — scan SVG desc/title/metadata/foreignObject

SVG containers carry text that is invisible in the rendered image but
fully parsed by an agent reading the source. <desc>, <title>,
<metadata>, and <foreignObject> are all valid surfaces for adversarial
injection.

Adds a per-element extractor inside the existing HTML-tag gate, gated
on /<svg[\s>]/i so it only fires for actual SVG content. Inner text is
HTML-entity-decoded then run through scanForInjection. Emits at the
strongest tier with category svg-element-injection.

+3 tests (62 → 65).

Refs: Batch B Wave 4 / Step 10 / v7.2.0

2026-04-29 14:54:58 +02:00

scripts

feat(post-mcp-verify): E5 — scan SVG desc/title/metadata/foreignObject

2026-04-29 14:54:58 +02:00

hooks.json

feat(hooks): register PreCompact event in hooks.json

2026-04-17 14:45:13 +02:00