Farukest a3ca71fe26 fix: use is_relative_to() for symlink boundary check in skills_guard ...

The symlink escape check in _check_structure() used startswith()
without a trailing separator. A symlink resolving to a sibling
directory with a shared prefix (e.g. 'axolotl-backdoor') would pass
the check for 'axolotl' since the string prefix matched.

Replaced with Path.is_relative_to() which correctly handles directory
boundaries and is consistent with the skill_view path check.

2026-03-04 17:23:23 +03:00

6.3 KiB

Raw Blame History

View Raw