open/ktg-plugin-marketplace
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity Actions
ktg-plugin-marketplace/plugins
History
Kjell Tore Guttormsen d441abba20 feat(post-mcp-verify): E7 — scan HTML comment nodes for injection 
The existing CRITICAL pattern in injection-patterns.mjs only fires when
a comment body contains AGENT/AI/HIDDEN markers. Adversaries can drop
the marker and still hide instructions inside <!-- ... --> for any
agent that reads page source. This generalizes the comment scan: every
comment body is HTML-entity-decoded and run through the full
injection rule set. The existing keyword-restricted pattern still
fires (defense-in-depth).

Emits at the strongest tier with category html-comment-injection.

+3 tests (65 → 68).

Refs: Batch B Wave 4 / Step 11 / v7.2.0
2026-04-29 15:01:56 +02:00
..
ai-psychosis docs: add AI-generated code disclosure to marketplace and all plugins 2026-04-19 19:27:05 +02:00
config-audit docs(config-audit): straggler sweep — 7 → 8 quality areas in agent + command 2026-04-19 22:58:50 +02:00
graceful-handoff feat(graceful-handoff): initial plugin with /graceful-handoff command 2026-04-19 22:54:10 +02:00
linkedin-thought-leadership docs: add AI-generated code disclosure to marketplace and all plugins 2026-04-19 19:27:05 +02:00
llm-security feat(post-mcp-verify): E7 — scan HTML comment nodes for injection 2026-04-29 15:01:56 +02:00
ms-ai-architect docs: add AI-generated code disclosure to marketplace and all plugins 2026-04-19 19:27:05 +02:00
okr docs: add AI-generated code disclosure to marketplace and all plugins 2026-04-19 19:27:05 +02:00
ultraplan-local feat(ultraplan-local)!: v2.4.0 — version bump 2026-04-19 21:46:17 +02:00