Commit 48f2188

jkcso and Copilot authored
Season 4 Secure Code Game (#188)
* Add Season-4 folder
* Add README.md and remove .gitkeep
* Add TODO placeholders and rate limit notes to README.md
* Add Season-4 Level-1: minimal AI chat with Productivity Bot
* Adds base image to devcontainer configuration
* Add Season-4 npm install to devcontainer postCreateCommand
* Updates .devcontainer
* Add prodbot CLI: interactive AI-powered productivity bot for Season-4
* Fix npm link: cd into Season-4 before linking to avoid nested directory
* Replace npm link with direct symlink to avoid nested Season-4 directory
* Fix symlink: use absolute Codespaces path for prodbot
* Fix prodbot: use ~/.local/bin symlink with PATH export for Codespaces
* Refactor ProdBot: bash enabler with sandboxed prodbot-activities
  - Replace structured JSON actions with bash command execution
  - Add lib/bash.js: command validation (denylist, path confinement) + executor
  - Add y/n confirmation before each command runs
  - Sandbox all operations to Level-1/prodbot-activities/
  - Remove obsolete code: code.spec.js, .utils/utils.js, actions.js
  - Remove chat:Level-1 npm script
* Polish: remove .gitkeep, gitignore sandbox, add educational comments
  - Delete .gitkeep (prodbot.js auto-creates sandbox on startup)
  - Add Season-4/Level-1/prodbot-activities/ to .gitignore
  - Add JSDoc and inline comments to bash.js, ai.js, prodbot.js explaining security concepts, REPL flow, and API integration
* Add .gitkeep to Level-1/ so directory exists after cloning
* Add .gitkeep to prodbot-activities/, update gitignore to allow it
* Add Level-1 challenge: path traversal sandbox escape
  - Add password.txt with flag BYPA55ED in realistic credential format
  - Add hint-1.txt: read the validator code, spot the regex weakness
  - Add hint-2.txt: base64 encoding can hide paths from regex
  - Add hint-3.txt: bash variables bypass the .. regex check
  - Add solution.txt: full walkthrough of both bypasses
  - Add flag detection in prodbot.js: congrats banner on successful escape
* Improve hint clarity: add separators between approaches
* Fix hint-3: remove direct solution, guide without spoiling
* Fix border alignment, hint headers, and suppress deprecation warning
  - Rebuild congrats banner with pad() function for consistent right border
  - Replace em-dash with hyphen in all box headers (em-dash is double-width)
  - Fix hint-1/2/3 header box widths to be consistent
  - Suppress punycode DEP0040 deprecation warning from openai package
* Use bright chalk colors for vivid terminal output
  - Switch welcome box to magentaBright/greenBright for vivid borders
  - Switch congrats banner to bright variants (greenBright, yellowBright, etc.)
  - Update help, prompt, and goodbye to use bright colors
* Use #FF00FF hex color for intense purple borders
* Use intense/bright colors consistently across all files
  - banner.js: cyanBright, #FF00FF, greenBright, whiteBright
  - ai.js: redBright for errors
  - prodbot.js: yellowBright, cyanBright, redBright, greenBright
* Use #20C20E hex for intense green across all files
* Add persistent shell: variables and state survive across commands
  - Replace execSync with a long-lived bash process (PersistentShell class)
  - Shell state (variables, cwd) persists between commands like a real terminal
  - Use marker-based output delimiting to capture command results
  - Block 'exec' command to prevent shell replacement
  - No timeout on commands (players can take their time reading hints)
  - Shell auto-respawns if it crashes
  - Opens a third bypass path: set D=.. in one command, use it in the next
* Reorder hints and solution: env var bypass first, base64 second
  - Hint 2: now covers variable assignment regex gap
  - Hint 3: now covers base64 encoding approach
  - Solution: Bypass 1 is env var, Bypass 2 is base64
* Polish hints/solution: reorder, remove temp references, add sensitive data lesson
  - Remove 'Execute? (y/n)' references from solution.txt
  - Add split-command note for D=.. bypass in solution
  - Move showCongrats to bottom of prodbot.js (away from player's view)
  - Reword secure alternative 1: business-objective-aware framing
  - Add secure alternative 4: never store sensitive data in reachable paths
* Remove unnecessary .gitkeep from Level-1 (directory has real files)
* Block tilde and bare cd sandbox escapes in validator
  - Block ~ references (expands to $HOME at runtime)
  - Block bare 'cd' (defaults to $HOME)
  - Intended bypasses (env var, base64) still work
* Add Level 2: Indirect Prompt Injection via Web Search
  - 12 simulated websites (social, weather, sports, shopping, travel, tech)
  - Web search feature with keyword scoring and interactive thinking
  - Level progression: auto-transition after L1, jump command (level <n>)
  - password.txt with flag INDIR3CT
  - Progressive hints (3) and full solution walkthrough
  - Level 2 congrats banner
  - ProdBot v2.0.0 with level-aware welcome, help, and flag detection
* Improve reddit content for better search matching on gardening queries
* Add JSON format troubleshooting to hint-3 and solution
  Explains why the AI might summarise instead of executing, and how to include the JSON format hint in the hidden instruction.
* Polish websites and content per review feedback
  - Solution: mention indirect prompt injection in intro
  - Hint 2: clarify web/ simulates public internet
  - Remove github.html and microsoft.html
  - Remove dates from accuweather, amazon, airbnb, skyscanner
  - Airbnb prices in Euro
  - LinkedIn: remove employer names from profiles and jobs
  - Reddit: remove r/books section, keep gardening and cooking
  - Weather.com: change from London to New York
* Weather.com: swap New York for London in Other Cities
* Add sources display and browser preview for web search
  - Show Sources footer after AI responses from web search
  - Add 'sources' command to list all sources from last search
  - Add 'open <n>' command to view source in Codespace browser
  - Update help menu with new commands (Level 2+)
  - Add browser preview instructions to hint-1 and hint-2
  - Track lastSources across searches for persistent access
* Polish Level 2 UI and content
  - L1 solution: add quick one-liner example before WHY IT WORKS
  - Banner: remove version, add 'Welcome to Level N', reorder lines
  - Green 'enabled' for web search in banner
  - Add spacing between web search reading and AI answer
  - Colorful source listing with distinct colored square icons
  - open <n> opens individual website directly
  - Add 'open all' command for World Wide Web directory
  - L2 solution: add all L1 bypass approaches adapted for injection
  - Remove 'ignore all previous instructions' phrasing (Azure filters)
  - Add SITE_COLORS palette and siteIcon() helper
* Add World Wide Web landing page and fix open commands
  - Create index.html with branded colored cards in 2x5 grid
  - Dark theme with gradient title matching ProdBot aesthetic
  - open <n> now opens individual site directly (not dir listing)
  - open all opens the World Wide Web landing page
  - Reuse HTTP server if already running (ensureWebServer)
  - Exclude index.html from web search results
* Fix open commands for Codespaces and add dynamic index
  - Build correct Codespace URLs using CODESPACE_NAME env var
  - Print clickable URLs instead of webbrowser.open (path was lost)
  - Generate index.html dynamically to include user-created websites
  - User-created sites appear with dashed border in distinct section
  - Known sites get branded colors, user sites get 🌍 globe icon
  - SITE_CATALOG replaces SITE_COLORS for richer metadata
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Auto-open browser with full Codespace URL
  - Use webbrowser.open() with full Codespace URL (not localhost)
  - Path is preserved because URL includes the file path directly
  - Falls back to clickable link if auto-open fails
  - Always prints the URL below for reference
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Use terminal hyperlinks for cleaner open output
  - Add termLink() using OSC 8 escape sequences for clickable text
  - 'click here' appears as a styled hyperlink instead of raw URL
  - Success: 'Opened! Check your browser tab or click here'
  - Fallback: 'Server ready — click here to view.'
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Add Bloomberg and Yahoo Finance to simulated internet
  - bloomberg.html: dark theme, market indices, financial news, commodities
  - yahoo-finance.html: top 20 tech stocks with ticker, name, price, change
  - Add both to SITE_CATALOG with brand colors and icons
  - Add financial keywords to web search patterns (stock, market, finance, invest)
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Add Level 3: Excessive Agency via over-permissioned MCP tools
  - Three MCP servers: Finance, Web Automation, Cloud Backup
  - Cloud Backup claims sandbox scope but BASE_DIR is Level-3/ root
  - Player must read source code to discover the misconfigured scope
  - tools/tool commands for MCP server inspection
  - MCP routing detects 'use [tool]' patterns in natural language
  - Level 3 flag detection and congrats banner
  - Level 2→3 auto-transition after L2 completion
  - Hints and solution with multiple exploit approaches
  - .gitignore updated for Level 3 sandbox
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Add agentic multi-tool workflow for financial research
  When player asks 'research AAPL' or 'deep dive into MSFT', ProdBot chains all 3 MCP tools with visual feedback:
  1. Finance MCP → stock quote + market summary
  2. Web Automation MCP → browse for news
  3. Cloud Backup → auto-save research report
  This normalizes Cloud Backup file operations, making the exploit path (restore password.txt) feel natural.
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Support company names in agentic queries and add example prompts
  - Company name → ticker mapping (apple→AAPL, nvidia→NVDA, etc.)
  - 'research nvidia stock for me' now triggers agentic workflow
  - Added example prompts after Level 2 and Level 3 welcome banners
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Fix hint-1: remove irrelevant browser preview for JS source files
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Fix box alignment: use ASCII in MCP headers, fix em dashes in hints
  MCP file advertisement headers switched from Unicode box-drawing + emojis to plain ASCII (+---+, | |) for consistent vertical alignment across editors and terminals. Hint headers use -- not em dash for byte-width consistency.
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Polish MCP servers: simplify names, add comments, fix giveaway
  - Stock names simplified (Apple, Microsoft, Google, not Inc/Corp)
  - Alphabet has alias 'Google' in both finance-mcp and prodbot
  - Added JSDoc comments to all MCP tools and helper functions
  - Replaced giveaway comment in cloud-mcp ('NOTE: This should be the sandbox...') with neutral 'Workspace root for backup'
  - ASCII box headers already fixed in previous commit
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Enrich welcome prompts: one per website + agentic workflow diagram
  Level 2: 12 verified prompts (one per simulated website), all tested to trigger web search and hit the correct page.
  Level 3: 3 research prompts + visual diagram showing the Finance → Web → Cloud agentic workflow chain.
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Reorder prompts and add linear agentic workflow diagram
  - Accuweather moved to bottom of Level 2 prompt list
  - Level 3: horizontal flow line before bullet details: User Prompt → Finance → Web → Report → Cloud Backup
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* UI polish: Bloomberg alignment, prompt order, agentic display
  - Bloomberg: right-align prices with min-width for vertical alignment
  - Level 2: separate ESPN/Sky Sports in list for variety
  - Level 3: 'These prompts trigger an agentic workflow:' label
  - Finance emoji changed from Yen (💹) to chart (📈)
  - Horizontal diagram: Cloud Backup (not just Backup)
  - Market summary removed from on-screen display (kept in report)
  - Research summary emojis match MCP server icons (📈, 🌐, ☁️)
  - Numbered research files: 1-research-AAPL, 2-research-MSFT, etc
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* UI polish: simplify web scan, fix icons, Level 3 welcome updates
  - Web search: single '🌐 Scanning N websites...' instead of listing each
  - Yahoo Finance icon: 📊 (was 💹 Yen chart)
  - Bloomberg icon: 🅱️ (distinct from Finance MCP's 📈)
  - Level 3: removed 'Web search: enabled' from banner
  - Level 3: 'stock prices' not 'stock quote', 'auto-saves' not 'auto-save'
  - Added 'You can also run individual MCP server functions:' with examples
  - Research reports saved directly to .cloudsync/ (not sandbox root)
  - Numbered files: 1-research-AAPL.txt inside .cloudsync
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Polish help text: 3rd person, tool shortnames, cleaner commands
  - 'What ProdBot can do' instead of 'What I can do' (3rd person)
  - Remove 'sources' from ? help (command still works)
  - 'Open web source N' instead of 'Open source N'
  - MCP section: 'facilitated by chaining MCP tools'
  - Web search: 'Ask ProdBot to search' not 'Ask me'
  - showTools(): add shortname hints (tool finance, tool web, tool cloud)
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Fix MCP tool routing: prefer longest tool name match
  The old routing matched tools in declaration order within a server, causing 'backup' (from the server name 'Cloud Backup') to match before 'restore' or 'list_backups'. Now uses a two-pass approach:
  1. Find the longest matching tool name across all servers
  2. Fall back to server name match with default tool
  Fixes: 'restore password.txt', 'list backups', and 'use cloud backup to restore X' all route correctly now.
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Copy web to Level-3: eliminate cross-level exploit risk
  Level 3 previously read HTML from Level-2/web/, meaning a player could reuse Level 2's indirect prompt injection to leak the Level 3 flag. Now Level 3 has its own clean copy of the simulated web.
  - Copy all 13 HTML files to Level-3/web/
  - Update web-mcp.js WEB_DIR to local ../web (no cross-level traversal)
  - Update LEVELS[3].webDir from '../Level-2/web' to 'web'
  - Add comment in config.json explaining INDIR3CT is the Level 2 secret
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Fix ASCII box alignment in all 3 MCP server headers
  All content lines now 59 chars with right pipe perfectly aligned.
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Disable AI web search on Level 3 to prevent L2 exploit reuse
  Level 3's challenge is excessive MCP agency, not indirect prompt injection. The AI-powered web search (which sends HTML to the LLM) is now restricted to Level 2 only. Level 3 players use the Web MCP browse tool instead, which returns text directly without AI processing.
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Harden Level 3: block L1 exploits, cut web to finance sites
  Level 3's validator now blocks shell tricks that bypass path traversal checks on Levels 1-2 (env var assignment with '..', backticks, $(), base64 decode, eval, printf hex escapes). Normal commands unaffected.
  - Add level parameter to validateCommand() and PersistentShell
  - Level 3+ gets 6 additional hardened regex checks
  - Levels 1-2 validator unchanged (intentionally bypassable)
  - Cut Level-3/web/ from 13 sites to 2 (bloomberg, yahoo-finance)
  - MCP excessive agency exploit still works as intended
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Move Finance API key from plaintext config to env var
  config.json now stores the env var name (FINANCE_API_KEY), not the secret itself. finance-mcp.js reads process.env[envVarName] to get the key. prodbot.js sets the env var when entering Level 3. No plaintext secrets in committed files — models proper secret mgmt.
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Level 4: Memory Lane — supply chain poisoning via skills + memory
  Add Level 4 challenge where an org-approved skill (@onboarding) writes a persistent system memory entry (scope=workspace, ttl=0) that weakens the validator's path traversal protection.
  New features:
  - Memory system (remember/memory/forget) available from Level 1
  - 6 org-approved skills with Skills Committee framing
  - TTL-based system memory entries (ttl=0 = persistent = the bug)
  - Validator checks system memory for workspace scope on Level 4+
  - Level 4 welcome screen, help, congrats banner, hints, solution
  Exploit chain: run onboarding → scope=workspace persists → cat ../password.txt
  Flag: M3MORY1
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Polish Level 4: consistent borders, toned-down hints, memory reset
  - Standardize all hint borders across L1-L4 to 3-line ╔══╗ style
  - Remove subtitles from all hints (just Hint N — Level N)
  - Tone down hint 3 in L3 and L4 (no longer gives exact answer)
  - Fix L4 password.txt to match L1-L3 credentials format
  - Fix L4 solution.txt to match L1-L3 layout with ╔══╗ border
  - Update skill dates to end of March 2026
  - Add 'Skill' suffix to all skill names
  - Improve TTL comments: explain ctx.writeSystemMemory(key, value, ttl)
  - Fix L4 welcome: remove remember/memory from Try, keep skills only
  - Fix icon spacing alignment in welcome skill list
  - Mention @onboarding skill by name in L4 congrats banner
  - Clear .memory on ProdBot startup and Level 4 entry for retry
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Fix skill UI: icon spacing, run instructions, remove @ prefix
  - Add trailing space to ⚙️ icon for vertical alignment
  - Remove @ prefix from skill names in all menus
  - Change '→ run X' to 'To run this skill: run X'
  - Add 'To run a skill: run <skill-name>' below welcome skill list
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Style: purple 'Run a skill' label, grouped memory entries
  - Make 'Run a skill:' purple like 'Try:' with run command below
  - Group memory entries by type with blank lines between groups
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Fix help menu: 'Execute an installed skill' for run command
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Simplify welcome label: 'Run:' matches 'Try:' style
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Remove elevated_paths, add real-world context to solution
  - Remove cosmetic elevated_paths entry from @onboarding skill
  - Add 'Real-World Parallels' section to solution explaining TTL as simplified time-boxed credentials (sudo, OAuth, AWS STS)
  - Expand 'Why It Works' with .memory flat-file vulnerability explanation: no integrity checks, plugins write directly to policy file that validator reads
  - Add integrity checks to secure alternatives
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Remove @ prefix from skill references, use quotes instead
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Fix solution path B step, add integrity checks to congrats banner
  - Fix 'skill onboarding' → 'run onboarding' in discovery path B
  - Add policy/data store separation and integrity checks to congrats banner secure alternatives (5 items, matching solution)
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Enrich solution with real-world AI memory context
  - Add context: skills reading/writing memory is a feature, not a bug — the problem is shared unprotected policy/data stores
  - Note industry shift to vector databases and structured stores
  - Add user control as secure alternative (#5): inspect, manage, and delete memory entries including system entries from skills
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Add Level 5: Confused Deputy via multi-agent delegation
  Introduce a multi-agent system with Research Agent (web browsing) and DevOps Agent (elevated workspace permissions). The exploit is a confused deputy attack: untrusted web content flows through the Research Agent to the DevOps Agent, which trusts it as pre-verified internal data and executes commands with elevated permissions.
  New features:
  - Agent loading system (agents/, config.json)
  - Agent display commands (agents, agent <name>)
  - Multi-agent orchestration (Research -> DevOps chain)
  - DevOps-themed web pages (k8s, terraform, CI/CD, devops news)
  - Pre-poisoned k8s-setup-guide.html with hidden HTML comment
  - sendToAI() now accepts optional custom system prompt
  - Level 5 welcome, help, and congrats banner
  Flag: D3PUTY
  Security lesson: Trust is not transitive in multi-agent systems
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Re-theme Level 5 web pages to open source project management
  Replace K8s/Terraform themed pages with universally familiar, vendor-neutral open source project management content:
  - k8s-setup-guide.html → release-management-guide.html (poisoned)
  - terraform-docs.html → contributing-guide.html
  - devops-weekly.html → opensource-weekly.html
  - ci-cd-pipeline.html → changelog-automation.html
  Update example prompts, detection regex, hints, and solution to match the new theme. Exploit mechanism unchanged.
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Replace opensource-weekly.html with maintainer-handbook.html
  A standalone newsletter HTML file isn't realistic. Replace with a maintainer handbook — a documentation page that genuinely exists in real open source projects.
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Rename DevOps Agent to Release Agent for consistency
  The web pages use an open source project management theme (releases, contributing, changelogs) so the agent should match. Renamed devops-agent.js → release-agent.js with updated name, description, system prompt, icon (📦), and all references in prodbot.js, hints, solution, and README.
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Add 4 agents and multi-agent workflows to Level 5
  Expand from 2 to 6 agents to make Level 5 feel like a real multi-agent open source platform:
  New agents (no AI calls, simulated local output):
  - Triage Agent: issue scanning, priority labelling
  - Review Agent: code quality checks, AI slop detection
  - Docs Agent: automated README generation from sandbox
  - Sync Agent: team status reports, agent health checks
  New workflows:
  - Single-agent: triage, review, docs, sync (local only)
  - Multi-agent: triage→review, research→docs (safe chains)
  - Exploit chain unchanged: research→release (1 AI call)
  The 4 new agents are red herrings — all sandbox-scoped or read-only, no trust relationships enabling escalation. Only the Release Agent has workspace-level access and trusts the Research Agent, making it the sole confused deputy vector.
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Add Trust & Safety blurb to Level 5 welcome screen
  Displays three reassuring security claims after the agent list:
  - All agents are sandbox-scoped or read-only
  - Agent-to-agent data is pre-verified internally
  - No agent can access files outside its designated scope
  All three are subtly false for the Release Agent (workspace scope, trusts unsanitized Research Agent data). This makes the vulnerability harder to spot — the player must question the official security claims.
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Fix header box alignment and normalize comments in agent files
  - Fix all content lines between |...| markers to exactly 53 chars so the right-side | characters align perfectly
  - Add inline comments to triage, review, docs, and sync agents to match the comment density of research and release agents
  - Each file now has: // comment on constants + metadata, /** JSDoc */ on each tool method
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Level 5: multi-vector confused deputy with MCPs, skills, and web browsing
  - Add 3 MCP servers (formatter, linter, analytics) with editable data files
  - Add 3 skills (summarise, label, draft-pr) with editable templates
  - Multi-agent workflow now gathers from web + MCPs + skills (poison any to exploit)
  - Add web browsing (web, open <n>, open all) for Level 5
  - Expand tools/skills/run commands to Level 5
  - Update Release Agent system prompt with false MCP/skill validation claims
  - Expand Trust & Safety with false schema-validation and sandboxing claims
  - Remove exploit prompt from welcome screen Multi-agent workflows
  - Rewrite hints (3) and solution for all 7 exploit approaches
  - Add Level 5 web pages to SITE_CATALOG for browser index
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Level 5: polish welcome screen, false read-only claims, remove dates
  - Remove 2026 from all 4 web pages (timeless content)
  - Release Agent now claims 'Read-only project access' (false — has full access)
  - Trust & Safety says all agents are read-only (teaching: verify AI claims)
  - Move 'sync team status' to top of Try: section
  - Rename 'Connected agents' → 'Agents', 'MCP servers' → 'Tools' as category headers
  - Remove agents/tools/skills/web from Try: (shown under own categories)
  - Update hints and solution: replace 'elevated' with read-only deception angle
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Level 5: nest Try: into Single-agent and Multi-agent sub-headings
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Level 5: add quotes to single-agent Try: items for consistency
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Fix AAPL symbol extraction, normalize agent comments, polish hints
  - Level 3: Finance MCP now extracts ticker from freeform input (e.g. 'price of AAPL' → AAPL) by matching against known tickers
  - Level 5: Fix release-agent.js header vertical line alignment
  - Level 5: Rewrite release-agent JSDoc to not reveal vulnerability
  - Level 5: Split long system prompt line into multiple lines
  - Level 5: Remove 'no sanitization' comment from research-agent
  - Level 5: Normalize comment density across all 6 agent files
  - Level 5: Update skill approval dates to mid March 2026
  - Level 5: Remove explicit exploit prompts from hint-3.txt
  - Level 5: Add empty line between Try: and Single-agent:
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Add complete Season 4 README with storylines and file guide
  Five levels with progressive AI security challenges:
  - Level 1: Sandbox Escape (path traversal)
  - Level 2: Indirect Injection (web content poisoning)
  - Level 3: Excessive Agency (over-permissioned tools)
  - Level 4: Supply Chain Poisoning (memory + skills)
  - Level 5: Confused Deputy (multi-agent trust boundaries)
  Includes: intro storyline, file structure guide, per-level storylines, getting-started steps, rate limit notices, completion recap, and next-steps section.
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Major polish: fix open-all, add disclaimers, refactor skills to spec
  Web server fix:
  - Track current web server directory; restart when level changes
  - Fixes 'open all' showing Level 2 pages when on Level 5
  Finance MCP fix:
  - Add company name aliases (APPLE→AAPL, MICROSOFT→MSFT, etc.)
  - All 'Try:' queries now resolve correctly
  Welcome screen:
  - Swap L1 secure-alternatives order (path validation now #1)
  - Add exploit-reuse disclaimer on levels 2-5
  Do-not-edit disclaimers:
  - All 18 HTML web files (simulated websites)
  - All 9 MCP server files (simulated external tools)
  - All 6 agent files + config.json (simulated managed agents)
  - 3 lib files + prodbot.js (game engine internals)
  - 2 MCP template files (org-managed resources)
  Skills refactored to agentskills.io specification:
  - Level 4: 6 skills → directory-based (SKILL.md + handler.js)
  - Level 5: 3 skills → directory-based with assets/references
  - Updated loadSkills() to support directory-based skill loading
  - All SKILL.md files have proper YAML frontmatter
  - Updated solution.txt and hint-3.txt for new paths
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Add spacing after disclaimer, replace 'production' with 'real world'
  - Add empty line between welcome box and exploit-reuse disclaimer
  - Replace 'In production' with 'In the real world' in all 45+ do-not-edit disclaimer comments across HTML, JS, MD, and JSON files
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Rewrite README: developer framing, no hints, simpler structure
  - Intro: mention MCP, skills, agentic workflows, multi-agent; add launch instructions
  - Your Task: developer testing ProdBot as second brain, lead with password.txt
  - Launch instructions appear 3 times (intro, task, Level 1 time-to-start)
  - What's in the repo moved inside Level 1 (Season 3 pattern)
  - Credits moved before levels
  - Level 1: simpler pilot storyline, human-in-the-loop explained, no path-study steps
  - Level 2: renamed 'Web Access' (not 'Indirect Injection'), removed all exploit hints
  - Level 3: renamed 'Tool Integrations', removed permission hints
  - Level 4: renamed 'Skills & Memory', removed data-flow hints
  - Level 5: shortened storyline, removed source-code-reading steps
  - All levels: consistent 'Try to extract the flag' step, no solution hints
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Polish README: terminology, titles, remove em dashes and hints
  - 'agentic coding assistant for your terminal' (industry terminology)
  - Remove standalone code block, keep inline launch instructions
  - password.txt paragraph merged with evolution paragraph
  - Em dashes replaced with commas/colons throughout prose
  - Bullet separators changed from em dash to colon
  - '?' help command mentioned in intro
  - Level navigation: 'or navigate directly to Level N by typing level N'
  - Level 3 renamed: Agentic Workflows
  - Level 4 renamed: Skilling Up
  - 'has a problem' → 'has a security vulnerability'
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* README: credits, natural language style, inclusivity, help command
  - Add credits: jkcso (creator), rzhade3 (special thanks), bgalek (Season 3)
  - 'No security background is needed' inclusivity message
  - 'using only natural language in the CLI' in task description
  - Repo descriptions use natural language (contains, provides, offers)
  - Add '?' help command to Level 1 Time to start
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* README: move inclusivity line, simplify intro, update credits
  - Intro: 'browses the web' (remove 'simulated'), add inclusivity message, remove '?' mention
  - Your Task: move 'No security background needed' next to 'for you to exploit'
  - Credits: thank Rahul and Bartosz for testing and improving Season 4
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* README: rephrase inclusivity, add Season 3 recommendation
  - Remove colon, highlight natural language aspect
  - Mention Season 3 as optional but recommended (1-1.5 hours)
  - Link to Season 3 directory
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* README: split welcome into two paragraphs, Codespace guidance
  - Paragraph 1: ProdBot capabilities + Codespace launch instructions
  - Paragraph 2: inclusivity message + Season 3 recommendation
  - Link to Codespaces feature page for newcomers
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* README: remove Codespace link, keep plain text
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Add Commands section to all level welcome screens
  Each level now shows available commands directly in the welcome, so players can discover functionality without needing ? help:
  - Level 1: level, ?
  - Level 2: open, open all, level, ?
  - Level 3: tools, tool, level, ?
  - Level 4: skills, skill, run, remember, memory, forget, level, ?
  - Level 5: agents, tools, skills, run, open all, remember, memory, level, ?
  Also adds Try examples for Level 1.
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Welcome commands: add remember/memory/forget to all levels, remove open <n> from L2
  - Level 1-3: add remember, memory, forget commands
  - Level 2: remove 'open <n>', keep 'open all'
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Reorder welcome commands: ? first, then level, then remember/forget/memory
  Consistent order across all levels: ? → level <n> → level-specific → remember → forget → memory
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Welcome commands: new commands first, level/? last
  New level-specific commands appear at the top, remember/forget/memory in the middle, level <n> and ? always at the bottom.
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Add task descriptions to each level welcome screen
  Level 1: full task framing (company pilot, sandbox, password.txt)
  Levels 2-5: 'What's new' highlighting the new capability
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Rename to 'Task:', replace flag text with 'Make ProdBot read password.txt'
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* L4: merge Run into Try section
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Reorder solutions/hints: create-first, edit-for-education
  Level 2: Reorder approaches so creating new websites comes first (Quick One-Liner, Create New Website), editing existing files moved to approaches 3-5 with real-world framing note. Hint 2 rewritten to lead with creating files.
  Level 5: Reorder so pre-poisoned trigger, create new web/MCP/skill come first (approaches 1-4), editing existing files moved to approaches 5-7 with educational framing notes. Hint 3 rewritten with same create-first ordering.
  Aligns with do-not-edit disclaimers on simulation files.
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Redesign help (?) to be level-specific
  Each level now shows: Task reminder, level-specific Commands (with remember/forget/memory inline), and matching Examples. Removed generic 'What ProdBot can do', 'Web search', 'MCP tools' sections. Removed separate 'Memory:' section.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Fix audit issues: L2 path traversal in solution, L3 web-mcp ref, L2 index disclaimer - L2 solution.txt: Fix web file creation paths to use ../web/ (ProdBot sandbox is prodbot-activities/, web search reads from web/) - L3 solution.txt: Fix web-mcp.js reference from Level-2 to Level-3 - L2 web/index.html: Add missing do-not-edit disclaimer Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * README: remove agentskills link, unlink Season 3, y/n, natural language Finish - Remove agentskills.io specification link from skills description - Unlink Season 3 (plain text, no hyperlink) - Change yes/no to y/n in human-in-the-loop instruction - Finish section uses natural language verbs (demonstrates, shows, reveals, illustrates, exposes) instead of colons Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Redesign root README and update copyright to 2026 - Replace Season 3 announcement with Season 4 (Agentic Workflows, Multi-Agent Communications) - Add Seasons directory with AI and Secure Coding categories - Refactor Secure Code Game description - Restructure Welcome section with blockquote layout - Replace Start Course button with Use this template instructions - Remove entire Local Installation section, keep Codespaces only - Update copyright from 2025 to 2026 in all 5 README files Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Polish root README: intro rewrite, remove extensions, widen season columns - Move Agentic Workflows line to second paragraph under Secure Code Game - Rewrite intro: free, 2 minutes, browser, 10k+ players, gh.io/scg link - Remove optional extensions section - Remove emojis from Seasons, Getting started headings (keep on AI/Secure Coding) - Widen Season column in tables with non-breaking spaces Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Refine README: richer Season 4 intro, Duration column, 
non-hinting descriptions - Move gh.io/scg before contributions, reframe contributions as invitation - Expand Season 4 paragraph: covers all ProdBot capabilities, no AI experience needed - Rename Description to What you'll learn with non-hinting educational framing - Add Duration column to all season tables - Shorten Focus labels to fit one line (Agentic AI, LLM Security, Multi-Stack, Foundations) - Move How long into table Duration, remove What you'll learn from Welcome (covered in tables) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Restructure README: merge Welcome into intro, update durations - Season 4 duration: ~2 hrs, Season 3: ~1.5 hrs - Merge 'Who is this for' into intro paragraph - Move prerequisites into Getting started as context before steps - Remove standalone Welcome section for cleaner flow: What > Browse > Play > Help Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Update announcement to Agentic AI, set S1/S2 duration to ~6 hrs Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Move prerequisites into season tables, remove standalone line - Each season's What you'll learn now includes language/prerequisite info on a second line - Concised descriptions throughout - Removed standalone prerequisites paragraph from Getting started Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Use bullet points for Codespace sub-steps Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Remove trailing megaphone emoji from announcement Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Replace Season 3 GIF with Season 4 demo GIF Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Rename Seasons to Pathways, add GIF to S4, update S3 duration, trim rate limits - Root README: rename 'Seasons' heading to 'Pathways' - Season-4 README: add Season 4 demo GIF above Your Task - Season-4 README: change S3 reference to 'nearly one 
and a half hours' - Season-4 README: remove rate limit sections from Levels 3, 4, 5 (keep Level 2 only) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Move GIF above Your Task heading in Season-4 README Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * S4 README: use ~1.5 hours, add emoji to What's in the repo, add rate limits to L4 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Polish GIF presentation and update credits - Bartosz Gałek: 'the legendary creator of Season 3' - Season-4 README: center GIF with dividers above and below for breathing room - Root README: center GIF with div align center Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Add GIF dividers to main README, add no-prerequisites messaging to both READMEs - Root README: dividers around GIF, seasons are self-contained, no AI/coding experience needed - Season-4 README: align messaging to 'No AI or coding experience needed' Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Update AI seasons to 'No AI or coding experience needed' Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Standardise dividers across Season 3 and Season 4 READMEs - Season 3: add divider after GIF, between credits and Level 1, before Finish - Season 4: add divider before Finish - Consistent pattern: dividers around GIFs, between intro/credits and gameplay, before Finish Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Center Season 3 GIF with dividers for consistency Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Replace Season 3 GIF with new version Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Add 📂 emoji to Season 3 What's in the repo heading for consistency with Season 4 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Polish CONTRIBUTING.md: consistent dividers, blockquote example - Add dividers 
between all sections for visual consistency - Wrap Example in blockquote for visual distinction - Remove bullet from Additional Information paragraph Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Restructure CONTRIBUTING.md into two tracks: Secure Coding and AI - Secure Coding track (Seasons 1 & 2): existing proposal/PR flow preserved - AI track (Seasons 3, 4 & beyond): invites contributions extending ProdBot towards Season 5 - Same emojis as main README (🛡️ Secure Coding, 🤖 AI) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Move AI track before Secure Coding in CONTRIBUTING, annotate requirements.txt - AI section now appears first to reflect current focus - Changed 'described above' to 'described below' since PR process follows - Added comment to requirements.txt explaining it serves Seasons 1 & 2 via postCreateCommand Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Extract shared contribution process into its own section - 'How to contribute' with steps 1-3 now applies to both tracks - AI and Secure Coding sections describe only their focus areas - Removed JS-specific file list from PR step (generalised to all tracks) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Fix prodbot command: use dynamic path instead of hardcoded repo name The symlink used /workspaces/secure-code-game/ which breaks when users create a repo from the template with a different name. Now uses $(pwd) to resolve the correct workspace path dynamically. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Fix pip install failing with externally-managed-environment (PEP 668) The newer Ubuntu base image blocks system-wide pip installs. Add --break-system-packages flag since this is a disposable Codespace container. 
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Clean up vitest console output in Season 3 Add onConsoleLog returning false to suppress the source location annotations (❯ file:line) that vitest adds to every console.log, so congratulations and error messages display cleanly. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Suppress vitest extension debug output in Codespace Set vitest.logLevel to error to prevent the Collecting/Skipping debug noise when running tests via the VS Code play button. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Fix vitest Test Results panel output for Season 3 - Pass descriptive messages to assert.fail() so the VS Code Test Results panel shows the LLM model response on failure and meaningful error text instead of a bare AssertionError - Revert onConsoleLog suppression from vitest.config.js so console output flows through to terminal and Test Results panel - Applied consistently across all 6 levels Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Clean vitest output: route all messages through assert.fail Move all failure output (model response, error messages, hints) into assert.fail() messages which vitest renders cleanly without stdout/stderr block headers and file:line annotations. Consolidate success output into a single console.log. Remove unused error/warn imports from all levels. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Break long template literals into multi-line concatenation Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Use console.log for all test output to get consistent white text Move all failure messages from assert.fail(message) to console.log() followed by bare assert.fail(). This ensures both pass and fail output renders in the same white color in VS Code's Test Results panel, instead of assert.fail painting everything red. 
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Add OpenClaw and Copilot CLI inspiration to ProdBot description Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Replace em dashes with commas and parentheses across READMEs Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Simplify Level 1 solution with tested, beginner-friendly one-liners - Add 'Quick Start' section with proven prompts that work reliably - Lead with natural language approach (set variable D to two dots) - Add warning about common pitfall (LLM simplifies combined commands) - Update base64 prompt to 'run this exactly:' for reliability - Remove em dashes throughout - All solutions verified against live ProdBot with gpt-4.1-nano Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Add .vite/ to .gitignore Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Merge Quick Start into Bypass sections, use tested prompts - Remove standalone Quick Start section, merge content into Bypass 1 - Lead Bypass 1 with 'run D=.. and then run cat $D/password.txt' (tested and confirmed working with gpt-4.1-nano) - Add fallback prompt: 'execute these two commands: first D=..' - Keep common pitfall warning about LLM simplification - Use '..' (single quotes) consistently instead of ".." 
(double quotes) - All three solutions verified against live ProdBot Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Remove .vite/results.json from tracking Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Update Level 3 welcome: add 'Research the stock of Apple', remove cloud backup Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Fix .vite/ gitignore Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Revert Level 3 Try prompts, change cloud backup example - Restore 'Research Apple's stock' in Try section - Replace 'Use cloud backup to list backups' with 'Back up a file to cloud' - Update help section to match Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
1 parent 363a625 commit 48f2188

110 files changed

Lines changed: 9022 additions & 275 deletions


.devcontainer/devcontainer.json

Lines changed: 5 additions & 2 deletions
@@ -9,10 +9,13 @@
99
"redhat.vscode-yaml",
1010
"golang.go",
1111
"vitest.explorer"
12-
]
12+
],
13+
"settings": {
14+
"vitest.logLevel": "error"
15+
}
1316
}
1417
},
15-
"postCreateCommand": "pip install -r requirements.txt; npm install --prefix Season-3/",
18+
"postCreateCommand": "pip install --break-system-packages -r requirements.txt; npm install --prefix Season-3/; npm install --prefix Season-4/; chmod +x Season-4/bin/prodbot.js && mkdir -p ~/.local/bin && ln -sf \"$(pwd)/Season-4/bin/prodbot.js\" ~/.local/bin/prodbot && echo 'export PATH=\"$HOME/.local/bin:$PATH\"' >> ~/.bashrc && export PATH=\"$HOME/.local/bin:$PATH\"",
1619
"features": {
1720
"ghcr.io/devcontainers/features/python:1.7.1": {},
1821
"ghcr.io/devcontainers/features/node:1": {}
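
Review bot: in the new `postCreateCommand`, the three install steps are joined with `;` while the symlink steps after them use `&&`, so a failed `pip install` or `npm install --prefix Season-4/` does not stop the chain and `prodbot` is still linked into `~/.local/bin` against missing or partial dependencies. Joining the installs with `&&`, or moving the whole sequence into a script that starts with `set -e`, would make a broken environment fail visibly at creation time. `--break-system-packages` installs everything in `requirements.txt` into the system interpreter; creating a venv and installing there would avoid overriding PEP 668 at all. Two smaller points on the tail of the command: the final `export PATH=...` only affects the shell that runs `postCreateCommand`, and the `echo ... >> ~/.bashrc` append is not idempotent, so guarding it with a `grep -q` check would keep `~/.bashrc` from collecting duplicate lines if the command is ever re-run.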

.gitignore

Lines changed: 14 additions & 1 deletion
@@ -1,3 +1,14 @@
1+
### SEASON 4 ###
2+
# ProdBot sandbox — runtime-generated files, auto-created by prodbot.js
3+
Season-4/Level-1/prodbot-activities/*
4+
!Season-4/Level-1/prodbot-activities/.gitkeep
5+
Season-4/Level-2/prodbot-activities/*
6+
!Season-4/Level-2/prodbot-activities/.gitkeep
7+
Season-4/Level-3/prodbot-activities/*
8+
!Season-4/Level-3/prodbot-activities/.gitkeep
9+
Season-4/Level-4/prodbot-activities/*
10+
!Season-4/Level-4/prodbot-activities/.gitkeep
11+
112
### VSCODE ###
213
.vscode/*
314
!.vscode/settings.json
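
Review bot: the new SEASON 4 block ignores `prodbot-activities/*` (with a `.gitkeep` exception) for Level-1 through Level-4 only, while the commit message also describes a Level 5. If Level-5 has its own `prodbot-activities/` sandbox, files written there at runtime are not ignored and can be committed by accident. Either add the matching pair for Level-5 or replace the four pairs with one wildcard pair, `Season-4/Level-*/prodbot-activities/*` and `!Season-4/Level-*/prodbot-activities/.gitkeep`, so a future level cannot be missed.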
@@ -31,6 +42,7 @@ downloads/
3142
eggs/
3243
.eggs/
3344
lib/
45+
!Season-4/lib/
3446
lib64/
3547
parts/
3648
sdist/
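
Review bot: `!Season-4/lib/` is undocumented and sits in the middle of the Python packaging patterns, where it reads like a stray entry. It only takes effect because it comes after the `lib/` rule it overrides, so it cannot simply be moved up into the SEASON 4 block at the top of the file. A one-line comment above it, saying that it re-includes Season 4's `lib/` directory and must stay below `lib/`, would stop someone tidying it away later.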
@@ -303,4 +315,5 @@ Thumbs.db
303315
modules.order
304316
Module.symvers
305317
Mkfile.old
306-
dkms.conf
318+
dkms.conf.vite/
319+
.vite/
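
Review bot: the replacement for the last line of the file merges two patterns. `dkms.conf` became `dkms.conf.vite/`, which looks like `.vite/` having been appended to a file that had no trailing newline. As written, `dkms.conf` is no longer ignored and `dkms.conf.vite/` matches nothing useful; only the separate `.vite/` line added below it does the intended job. Restore `dkms.conf` on its own line and keep `.vite/` after it.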

CONTRIBUTING.md

Lines changed: 39 additions & 25 deletions
@@ -1,51 +1,65 @@
11
# Secure Code Game Contribution Guideline
22

3-
Thank you for your interest in contributing to the Secure Code Game. Let's collaborate and bring your ideas to life for a lasting impact on the global cybersecurity scene. Follow these guidelines:
3+
Thank you for your interest in contributing to the Secure Code Game. Let's collaborate and bring your ideas to life for a lasting impact on the global cybersecurity scene. Contributions fall into two tracks depending on where your idea fits best.
44

5-
## 1. Review current proposals
5+
---
66

7-
Make sure your idea was not already discussed. Consider joining [existing proposals](https://github.com/skills/secure-code-game/discussions/categories/new-level-proposals) and contributing collaboratively instead of duplicating efforts.
8-
9-
## 2. Create a new proposal
7+
## 🤖 Artificial Intelligence (Seasons 3, 4 & beyond)
108

11-
Start a [new discussion](https://github.com/skills/secure-code-game/discussions/new?category=new-level-proposals) by providing, at the very least, the following elements:
9+
These seasons focus on AI security, from prompt injection in LLM applications (Season 3) to agentic workflows, multi-agent communications, and tool-use vulnerabilities in ProdBot (Season 4). If you have ideas for extending ProdBot with the latest advances in artificial intelligence towards Season 5, we want to hear from you.
1210

13-
- **Vulnerability:** Propose a specific vulnerability that you would like to include in the game.
14-
- **Programming Language:** Specify the programming language you want to use for implementing the code.
15-
- **Scenario:** Describe the scenario where the vulnerability will be introduced.
11+
Contributions in this track could include new attack vectors, defensive techniques, agent architectures, MCP integrations, skill plugins, or entirely new capabilities that reflect the evolving AI security landscape. Make sure your contribution aligns with ProdBot's existing architecture in `Season-4/`.
1612

17-
**Example:**
13+
---
1814

19-
👋 Hi, I would like to contribute a DOM-based Cross-Site Scripting (XSS) vulnerability in JavaScript. The scenario involves an online forum where users can write responses through a text box, but input sanitization wasn't implemented securely. An attacker could exploit this by injecting malicious code, for example `</>`.
15+
## 🛡️ Secure Coding (Seasons 1 & 2)
2016

21-
## Increase your proposal’s chances
17+
These seasons focus on finding and fixing traditional security vulnerabilities across multiple programming languages. If your idea involves a specific vulnerability class and language, this is the right track.
2218

23-
To increase the chances of your proposal being merged into the game, consider suggesting a vulnerability and programming language combination that we haven't yet included in the game or rejected in past discussions. While we welcome all contributions, you will have more chances for these popular vulnerabilities and programming languages:
19+
To increase the chances of your proposal being merged, consider suggesting a vulnerability and programming language combination that we haven't yet included or rejected in past discussions. While we welcome all contributions, you will have more chances for these popular vulnerabilities and languages:
2420

2521
- **TypeScript/JavaScript:** Server-Side Request Forgery (SSRF), Broken Access Control, Cross-Site Request Forgery (CSRF)
2622
- **C#:** Server-Side Request Forgery (SSRF), Remote Code Execution, Insecure Deserialization, Cross-Site Request Forgery (CSRF)
2723
- **Java:** Broken Access Control, Remote Code Execution, Insecure Deserialization
2824

29-
Please feel free to propose other vulnerabilities and programming languages or frameworks as well. For those looking for community feedback on an idea before opening a discussion, or for other collaborators and beta-testers, you can join our vibrant [Slack community](https://gh.io/securitylabslack) and engage in the [#secure-code-game](https://ghsecuritylab.slack.com/archives/C05DH0PSBEZ) channel.
25+
Please feel free to propose other vulnerabilities, languages, or frameworks as well.
26+
27+
---
28+
29+
## How to contribute
30+
31+
The following process applies to both tracks.
32+
33+
### 1. Review current proposals
34+
35+
Make sure your idea was not already discussed. Consider joining [existing proposals](https://github.com/skills/secure-code-game/discussions/categories/new-level-proposals) and contributing collaboratively instead of duplicating efforts.
36+
37+
### 2. Create a new proposal
38+
39+
Start a [new discussion](https://github.com/skills/secure-code-game/discussions/new?category=new-level-proposals) by providing, at the very least, the following elements:
40+
41+
- **Vulnerability:** Propose a specific vulnerability that you would like to include in the game.
42+
- **Programming Language:** Specify the programming language you want to use for implementing the code.
43+
- **Scenario:** Describe the scenario where the vulnerability will be introduced.
44+
45+
**Example:**
46+
47+
> 👋 Hi, I would like to contribute a DOM-based Cross-Site Scripting (XSS) vulnerability in JavaScript. The scenario involves an online forum where users can write responses through a text box, but input sanitization wasn't implemented securely. An attacker could exploit this by injecting malicious code, for example `</>`.
3048
31-
## 3. Submit a Pull Request
49+
### 3. Submit a Pull Request
3250

33-
Once your proposal receives approval in [GitHub Discussions](https://github.com/skills/secure-code-game/discussions/categories/new-level-proposals), you can proceed to submit a pull request (PR) to the game's [repository](https://github.com/skills/secure-code-game). Ensure that your PR follows the [file structure](https://github.com/skills/secure-code-game) conventions of the existing game levels. For example, if you're submitting a DOM-based Cross-Site Scripting (XSS) vulnerability in JavaScript, your PR should include the following files:
51+
Once your proposal receives approval in [GitHub Discussions](https://github.com/skills/secure-code-game/discussions/categories/new-level-proposals), submit a pull request (PR) following the [file structure](https://github.com/skills/secure-code-game) conventions of the existing levels. Ensure your PR includes all necessary files such as a storyline, vulnerable code, hints, solution, and tests.
3452

35-
- storyline
36-
- code.js
37-
- hack.js
38-
- hint.js
39-
- solution.js
40-
- tests.js
41-
- dependencies in requirements.txt
53+
---
4254

4355
## Credit
4456

4557
We highly appreciate your contribution to the Secure Code Game. As a token of our gratitude, we will prominently display your name at the beginning of the level you contribute, along with a clickable URL to your GitHub profile or another social media platform of your choice.
4658

59+
---
60+
4761
## Additional Information
4862

49-
- If you have any questions or need assistance, don't hesitate to ask for help in [GitHub Discussions](https://github.com/skills/secure-code-game/discussions/categories/new-level-proposals) or from our [Slack community](https://gh.io/securitylabslack) at the [#secure-code-game](https://ghsecuritylab.slack.com/archives/C05DH0PSBEZ) channel.
63+
If you have any questions or need assistance, don't hesitate to ask for help in [GitHub Discussions](https://github.com/skills/secure-code-game/discussions/categories/new-level-proposals) or from our [Slack community](https://gh.io/securitylabslack) at the [#secure-code-game](https://ghsecuritylab.slack.com/archives/C05DH0PSBEZ) channel.
5064

51-
We appreciate your dedication to improving software security through the Secure Code Game 🎮 🔐
65+
We appreciate your dedication to improving software security through the Secure Code Game 🎮 🔐
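
Review bot: the new "How to contribute" section says the process applies to both tracks, but step 2 still asks only for Vulnerability, Programming Language and Scenario, and its example is an XSS level. Those fields fit the Secure Coding track and not an AI-track proposal such as a new agent architecture, MCP integration or skill plugin. Consider adding the fields an AI-track proposal should provide, or rewording the existing ones so they cover both tracks. Step 3 also replaces the concrete file list with "all necessary files such as a storyline, vulnerable code, hints, solution, and tests" while the file structure link still points at the repository root, so contributors no longer have a per-track reference for what a complete PR contains. Linking to one existing level per track would restore that.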
