fix: harden filesystem trust boundaries

tools/scripts/tests/skill_utils_security.test.js

@@ -0,0 +1,37 @@
+const assert = require("assert");
+const fs = require("fs");
+const os = require("os");
+const path = require("path");
+
+const { listSkillIds } = require("../../lib/skill-utils");
+
+function withTempDir(fn) {
+  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "skill-utils-security-"));
+  try {
+    fn(dir);
+  } finally {
+    fs.rmSync(dir, { recursive: true, force: true });
+  }
+}
+
+withTempDir((root) => {
+  const skillsDir = path.join(root, "skills");
+  const outsideDir = path.join(root, "outside-secret");
+
+  fs.mkdirSync(skillsDir, { recursive: true });
+  fs.mkdirSync(outsideDir, { recursive: true });
+
+  fs.mkdirSync(path.join(skillsDir, "safe-skill"));
+  fs.writeFileSync(path.join(skillsDir, "safe-skill", "SKILL.md"), "# safe\n");
+
+  fs.writeFileSync(path.join(outsideDir, "SKILL.md"), "# secret\n");
+  fs.symlinkSync(outsideDir, path.join(skillsDir, "linked-secret"));
+
+  const skillIds = listSkillIds(skillsDir);
+
+  assert.deepStrictEqual(
+    skillIds,
+    ["safe-skill"],
+    "symlinked skill directories must not be treated as local skills",
+  );
+});