fix(security): Harden skill tooling file handling

Guard metadata repair and doc sync scripts against symlink targets so repo maintenance tasks cannot overwrite arbitrary local files. Replace recursive skill discovery with an iterative walk that skips symlinked directories, and harden the VideoDB listener to write only private regular files in the user-owned state directory. Also fix the broken pr:preflight script entry and make the last30days skill stop embedding raw user arguments directly in the shell command.
2026-03-21 11:34:38 +01:00
parent a0e8381775
commit 3efff111d2
19 changed files with 453 additions and 31 deletions
--- a/tools/scripts/fix_missing_skill_sections.py
+++ b/tools/scripts/fix_missing_skill_sections.py
@@ -7,6 +7,7 @@ import re
 import sys
 from pathlib import Path

+from _safe_files import is_safe_regular_file
 from _project_paths import find_repo_root
 from validate_skills import configure_utf8_output, has_when_to_use_section, parse_frontmatter

@@ -115,6 +116,9 @@ def append_section(content: str, section_text: str) -> str:


 def update_skill_file(skill_path: Path, *, add_missing: bool = False) -> tuple[bool, list[str]]:
+    if not is_safe_regular_file(skill_path):
+        return False, []
+
    content = skill_path.read_text(encoding="utf-8")
    metadata, _ = parse_frontmatter(content, skill_path.as_posix())
    if not metadata:
@@ -166,6 +170,9 @@ def main() -> int:
            continue

        skill_path = Path(root) / "SKILL.md"
+        if not is_safe_regular_file(skill_path):
+            print(f"SKIP {skill_path.relative_to(repo_root)} [symlinked_or_unreadable]")
+            continue
        content = skill_path.read_text(encoding="utf-8")
        metadata, _ = parse_frontmatter(content, skill_path.as_posix())
        if not metadata or not isinstance(metadata.get("description"), str):