Content Manager

Provides content management capabilities for markdown files with fuzzy and exact search through Fuse.js, frontmatter parsing, HTML rendering, and ten core tools including note searching, tag filtering, date range queries, table of contents generation, and directory statistics for building documentation systems and knowledge base applications.

filesystemTypeScript
GitHubnpm
0Tools
12Findings
3Stars
Mar 22, 2026Last Scanned
4 critical · 6 high · 1 medium · 1 low findings detected

Security Category Deep Dive

Prompt Injection
Prompt & context manipulation attacks
69
Maturity
14
Rules
5
Sub-Categories
1
Gaps
64%
Implemented
56
Tests
1
Stories
Findings1
1 critical
criticalJ5Tool Output Poisoning PatternsMCP02-tool-poisoningAML.T0054
Pattern "(error|err|failure|failed).*(?:read|cat|open|access)\s+(?:the\s+)?(?:file|~[/\\]|/etc/|/home/|\.ssh|\.env|\.aws)" matched in source_code: "Failed to read file" (at position 6797)
Tool responses MUST NOT contain instruction-like content, file read directives, or social engineering phrases. Error messages should be factual and technical — never suggest actions involving sensitive data access. See CyberArk ATPA research for attack demonstration.
PI-DIRDirect Input Injection
100%3 rules
Injection via tool descriptions and parameter fields
GAP-001Prompt Injection Coverage GapMissing detection coverage for emerging prompt injection attack variants not addressed by current rules
PI-INDIndirect / Gateway Injection
100%4 rules
Hidden instructions via external content and tool responses
PI-CTXContext Manipulation
100%2 rules
Context window saturation and prior-approval exploitation
PI-ENCEncoding & Obfuscation
100%3 rules
Payload hiding via invisible chars, base64, schema fields
PI-TPLTemplate & Output Poisoning
50%2 rules1 found
Injection via prompt templates and runtime tool output
Framework Coverage
OWASP MCP Top 1014/14
MITRE ATLAS14/14
CoSAI MCP2/14
OWASP Agentic Top 1012/14
Kill Chain Phases
1Initial Access
1Defense Evasion
1Execution
1Persistence