open/ktg-plugin-marketplace
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity Actions
ktg-plugin-marketplace/plugins
History
Kjell Tore Guttormsen b95d85bb4c feat(post-mcp-verify): E4 — scan markdown link titles for injection 
Adversarial payloads in markdown link title attributes (rendered as
tooltips, parsed by agents) bypassed the existing HTML-content checks
which gated on `<tag>` presence. Pattern: [text](url "title").

Adds linkTitleRegex extraction to the HTML-content block, runs each
captured title through scanForInjection, emits at the strongest tier
encountered with category markdown-link-title-injection.

+3 tests (62 → 62 in post-mcp-verify.test.mjs file, was 59).

Refs: Batch B Wave 4 / Step 9 / v7.2.0
2026-04-29 14:52:30 +02:00
..
ai-psychosis docs: add AI-generated code disclosure to marketplace and all plugins 2026-04-19 19:27:05 +02:00
config-audit docs(config-audit): straggler sweep — 7 → 8 quality areas in agent + command 2026-04-19 22:58:50 +02:00
graceful-handoff feat(graceful-handoff): initial plugin with /graceful-handoff command 2026-04-19 22:54:10 +02:00
linkedin-thought-leadership docs: add AI-generated code disclosure to marketplace and all plugins 2026-04-19 19:27:05 +02:00
llm-security feat(post-mcp-verify): E4 — scan markdown link titles for injection 2026-04-29 14:52:30 +02:00
ms-ai-architect docs: add AI-generated code disclosure to marketplace and all plugins 2026-04-19 19:27:05 +02:00
okr docs: add AI-generated code disclosure to marketplace and all plugins 2026-04-19 19:27:05 +02:00
ultraplan-local feat(ultraplan-local)!: v2.4.0 — version bump 2026-04-19 21:46:17 +02:00