Trust and Safety

Security Scanning on PULL.md

Every markdown asset is scanned before publish and on moderator edits. We expose clear scan status on cards and keep technical details available for users who want deeper review.

Security Overview

A clear trust summary for buyers, creators, and operators.

PULL.md is built for markdown assets that are actually portable and readable, and that same principle applies to trust. Every listing is scanned before publish and scanned again when moderator edits are applied. That keeps safety checks inside the content lifecycle rather than treating them as an afterthought.

Buyers see a compact scan status directly on cards, and creators get structured feedback during publish. Scanning reduces risk from hidden instructions, unsafe links, and accidental secret leakage. It does not guarantee safety in every runtime, so the recommended model is layered defense: scanner checks plus runtime guardrails in your own agent stack.

Security Details

Scanner modules, verdict model, and open-source package inventory.

Scanner Modules

  • Unicode checks: hidden control characters, zero-width characters, bidirectional overrides, and invisible operators.
  • Confusable checks: lookalike or homoglyph token detection.
  • Markdown structure checks: dangerous HTML tags, inline handlers, hidden structures, and comments.
  • URL safety checks: dangerous schemes, malformed links, internal targets, domain risk, and IP risk patterns.
  • Prompt-injection checks: high-risk instruction phrase detection.
  • Secret-leak checks: common API key and token pattern detection.

Optional Reputation Layer

  • URL reputation: URLhaus host lookup (environment-gated, cached, and timeout-bound).

Outcomes

  • Clean: no findings detected.
  • Warn: non-blocking findings detected.
  • Block: critical findings detected; publish/edit blocked when enforce mode is enabled.
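
As an added illustration (not PULL.md's own scanner code), the following Python sketch shows how the Unicode check module could feed the Clean/Warn/Block outcome. The code-point sets, the severity given to each finding type, the sample text, and all function names are assumptions; the page does not publish them.

```python
import unicodedata

# Code-point sets are assumptions based on the module list above.
ZERO_WIDTH = frozenset({0x200B, 0x200C, 0x200D, 0x2060, 0xFEFF})
BIDI = frozenset(range(0x202A, 0x202F)) | frozenset(range(0x2066, 0x206A))
INVISIBLE_OPS = frozenset(range(0x2061, 0x2065))
ALLOWED_CONTROLS = frozenset("\t\n\r")

# Assumed severity mapping: the page does not say which findings are critical.
SEVERITY = {"bidi_override": "critical", "control_char": "warn",
            "zero_width": "warn", "invisible_operator": "warn"}

# Constructed sample: a zero-width space, then a bidi override hiding a comment.
SAMPLE = 'Run the ins\u200btaller.\nif role != "user\u202e \u2066// admin\u2069":\n'


def classify(ch):
    """Return the finding type for one character, or None if it is benign."""
    cp = ord(ch)
    if cp in BIDI:
        return "bidi_override"
    if cp in ZERO_WIDTH:
        return "zero_width"
    if cp in INVISIBLE_OPS:
        return "invisible_operator"
    if unicodedata.category(ch) == "Cc" and ch not in ALLOWED_CONTROLS:
        return "control_char"
    return None


def scan_unicode(text):
    """Report every hidden character with its 1-based line and column."""
    findings = []
    # split("\n") rather than splitlines(), which would swallow some controls.
    for line_no, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            kind = classify(ch)
            if kind:
                findings.append({"kind": kind, "line": line_no, "col": col,
                                 "codepoint": f"U+{ord(ch):04X}",
                                 "severity": SEVERITY[kind]})
    return findings


def verdict(findings):
    """Map findings to the page's outcomes: clean, warn or block."""
    if not findings:
        return "clean"
    critical = any(f["severity"] == "critical" for f in findings)
    return "block" if critical else "warn"


def publish_allowed(outcome, enforce):
    """A block verdict only stops publish/edit when enforce mode is on."""
    return not (outcome == "block" and enforce)
```

Findings carry line, column and code point so a creator can locate a character that no editor renders.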

Open Source Packages in Active Use

Scanning reduces risk but does not guarantee safe behavior in every runtime. For production usage, pair scanner results with runtime guardrails and policy enforcement in your agent environment.