Garry Tan 053b46e371 fix: harden trust boundary markers against escape attacks ...

- Sanitize URLs in markers (remove newlines, cap at 200 chars) to prevent
  marker injection via history.pushState
- Escape marker strings in content (zero-width space) so malicious pages
  can't forge the END marker to break out of the untrusted block
- Wrap resume command snapshot with trust boundary markers
- Wrap diff command output with trust boundary markers
- Wrap watch stop last snapshot with trust boundary markers

Found by cross-model adversarial review (Claude + Codex).

2026-03-29 13:27:44 -07:00

..

bin

feat: multi-agent support — gstack works on Codex, Gemini CLI, and Cursor (v0.9.0) (#226)

2026-03-19 18:20:50 -07:00

scripts

fix: Windows support — Node.js server fallback for Playwright (#255)

2026-03-20 12:22:11 -07:00

src

fix: harden trust boundary markers against escape attacks

2026-03-29 13:27:44 -07:00

test

fix: content trust boundary markers in browse output

2026-03-28 23:37:58 -07:00

SKILL.md

fix: content trust boundary markers in browse output

2026-03-28 23:37:58 -07:00

SKILL.md.tmpl

feat: worktree isolation for E2E tests + infrastructure elegance (v0.11.12.0) (#425)

2026-03-23 23:05:22 -07:00