firefrost-gaming/antigravity-skills-reference
3
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

fix(security): harden skill apply and activation flows

Browse Source 
Restrict auto-apply to trusted review comments so spoofed issue comments
cannot write optimized SKILL.md content into pull request branches.

Reject activation symlinks that escape the source root and add
regression coverage for both security checks.
This commit is contained in:
sickn33
2026-03-26 13:23:54 +01:00
parent b8684488ab
commit bc49ceec90
5 changed files with 161 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
tools/scripts/tests/run-test-suite.js
View File

@@ -11,6 +11,7 @@ const LOCAL_TEST_COMMANDS = [
[path.join(TOOL_TESTS, "activate_skills_shell.test.js")],
[path.join(TOOL_TESTS, "activate_skills_batch_security.test.js")],
[path.join(TOOL_TESTS, "automation_workflows.test.js")],
[path.join(TOOL_TESTS, "apply_skill_optimization_security.test.js")],
[path.join(TOOL_TESTS, "build_catalog_bundles.test.js")],
[path.join(TOOL_TESTS, "claude_plugin_marketplace.test.js")],
[path.join(TOOL_TESTS, "installer_antigravity_guidance.test.js")],