firefrost-gaming/antigravity-skills-reference
3
0
Fork 0
Code Issues Pull Requests Actions 4 Packages Projects Releases Wiki Activity

fix(security): harden bundle and plugin validation

Browse Source
This commit is contained in:
sickn33
2026-03-31 17:44:19 +02:00
parent e3d2c777fa
commit e18e63cfcb
7 changed files with 172 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
tools/scripts/plugin_compatibility.py
View File

@@ -65,6 +65,8 @@ def _normalize_yaml_value(value: Any) -> Any:
return [_normalize_yaml_value(item) for item in value]
if isinstance(value, (date, datetime)):
return value.isoformat()
if isinstance(value, (bytes, bytearray)):
return bytes(value).decode("utf-8", errors="replace")
return value
@@ -114,6 +116,7 @@ def _runtime_dependency_files(skill_dir: Path) -> list[str]:
def _local_link_reasons(content: str, skill_dir: Path) -> set[str]:
reasons: set[str] = set()
resolved_skill_dir = skill_dir.resolve()
for link in LOCAL_LINK_RE.findall(content):
link_clean = link.split("#", 1)[0].strip()
@@ -125,6 +128,11 @@ def _local_link_reasons(content: str, skill_dir: Path) -> set[str]:
continue
target_path = (skill_dir / link_clean).resolve(strict=False)
try:
target_path.relative_to(resolved_skill_dir)
except ValueError:
reasons.add("escaped_local_reference")
continue
if not target_path.exists():
reasons.add("broken_local_reference")