ktg-plugin-marketplace

History

Kjell Tore Guttormsen d441abba20 feat(post-mcp-verify): E7 — scan HTML comment nodes for injection The existing CRITICAL pattern in injection-patterns.mjs only fires when a comment body contains AGENT/AI/HIDDEN markers. Adversaries can drop the marker and still hide instructions inside <!-- ... --> for any agent that reads page source. This generalizes the comment scan: every comment body is HTML-entity-decoded and run through the full injection rule set. The existing keyword-restricted pattern still fires (defense-in-depth). Emits at the strongest tier with category html-comment-injection. +3 tests (65 → 68). Refs: Batch B Wave 4 / Step 11 / v7.2.0	2026-04-29 15:01:56 +02:00
..
scripts	feat(post-mcp-verify): E7 — scan HTML comment nodes for injection	2026-04-29 15:01:56 +02:00
hooks.json	feat(hooks): register PreCompact event in hooks.json	2026-04-17 14:45:13 +02:00

Kjell Tore Guttormsen d441abba20 feat(post-mcp-verify): E7 — scan HTML comment nodes for injection

The existing CRITICAL pattern in injection-patterns.mjs only fires when
a comment body contains AGENT/AI/HIDDEN markers. Adversaries can drop
the marker and still hide instructions inside <!-- ... --> for any
agent that reads page source. This generalizes the comment scan: every
comment body is HTML-entity-decoded and run through the full
injection rule set. The existing keyword-restricted pattern still
fires (defense-in-depth).

Emits at the strongest tier with category html-comment-injection.

+3 tests (65 → 68).

Refs: Batch B Wave 4 / Step 11 / v7.2.0

2026-04-29 15:01:56 +02:00

scripts

feat(post-mcp-verify): E7 — scan HTML comment nodes for injection

2026-04-29 15:01:56 +02:00

hooks.json

feat(hooks): register PreCompact event in hooks.json

2026-04-17 14:45:13 +02:00