profile_id: template-injection-generic
match_rules:
  keywords:
    - template injection
    - ssti
vuln_family: template-injection
provisioning_mode: synthetic
artifact_source:
  strategy: source-or-synthetic
required_services:
  - app
seed_actions:
  - kind: note
    message: Keep expressions inert and avoid destructive primitives by default.
baseline_actions:
  - kind: http-get
    path: /
attack_actions:
  - kind: note
    message: Validate expression evaluation with benign markers.
browser_assertions:
  required: false
success_criteria:
  - Template evaluation path is proven with harmless marker output.
cleanup_policy: destroy
destructive_risk: medium
allowed_target_types:
  - lab-local
  - lab-public
  - authorized-third-party