{
  "model": {
    "type": "BPE",
    "vocab": {
      "!": 0,
      "\"": 1,
      "#": 1
    }
  },
  "description": "Benign sample data: looks like phishing or payloads in places, but is safe when treated as JSON only.",
  "clickable_url": {
    "label": "Example documentation link",
    "href": "https://example.com/",
    "note": "IANA-reserved domain; safe placeholder for link tests."
  },
  "embedded_image": {
    "alt": "Small SVG inline as data URL (green square only)",
    "src": "data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' width='16' height='16'%3E%3Crect fill='%23008000' width='16' height='16'/%3E%3C/svg%3E",
    "remote_fallback": "https://www.w3.org/Assets/w3c_logo.svg"
  },
  "looks_like_credentials_but_is_fake": {
    "username": "demo_user_not_real",
    "password": "hunter2_is_a_meme_not_a_secret"
  },
  "escaped_html_as_data_not_dom": {
    "html_fragment": "<a href=\"https://example.org/\">Click me (string only)</a><img src=\"https://www.w3.org/Assets/w3c_logo.svg\" alt=\"W3C\" />"
  },
  "javascript_url_as_literal_string": {
    "do_not_use_as_href": "javascript:alert('This is only text inside JSON; it does not execute here.')"
  },
  "shell_like_strings": {
    "command_looking": "curl -s https://example.com/ | head -n 1",
    "note": "Plain string; not executed by JSON parsers."
  },
  "base64_looking_but_harmless": {
    "payload": "SGVsbG8sIHRoaXMgaXMganVzdCBiYXNlNjQgZW5jb2RlZCB0ZXh0Lg==",
    "decoded_hint": "Decodes to a simple English sentence, not binary malware."
  },
  "ipv4_that_looks_suspicious": {
    "address": "127.0.0.1",
    "context": "Loopback; common in examples, not an attack by itself."
  },
  "unicode_homoglyph_example": {
    "display": "exаmple.com",
    "warning": "Contains Cyrillic 'а' (U+0430) instead of Latin 'a' — safe to store, but teaches URL review.",
    "safe_ascii_equivalent": "example.com"
  }
}