fix: harden filesystem trust boundaries

tools/scripts/tests/test_sync_microsoft_skills_security.py

@@ -0,0 +1,46 @@
+import sys
+import tempfile
+import unittest
+from pathlib import Path
+
+
+TOOLS_SCRIPTS_DIR = Path(__file__).resolve().parents[1]
+if str(TOOLS_SCRIPTS_DIR) not in sys.path:
+    sys.path.insert(0, str(TOOLS_SCRIPTS_DIR))
+
+import sync_microsoft_skills as sms
+
+
+class SyncMicrosoftSkillsSecurityTests(unittest.TestCase):
+    def test_sanitize_flat_name_rejects_path_traversal(self):
+        sanitized = sms.sanitize_flat_name("../../.ssh", "fallback-name")
+        self.assertEqual(sanitized, "fallback-name")
+
+    def test_find_skills_ignores_symlinks_outside_clone(self):
+        with tempfile.TemporaryDirectory() as temp_dir:
+            root = Path(temp_dir)
+            skills_dir = root / "skills"
+            skills_dir.mkdir()
+
+            safe_skill = root / ".github" / "skills" / "safe-skill"
+            safe_skill.mkdir(parents=True)
+            (safe_skill / "SKILL.md").write_text("---\nname: safe-skill\n---\n", encoding="utf-8")
+            (skills_dir / "safe-skill").symlink_to(safe_skill, target_is_directory=True)
+
+            outside = Path(tempfile.mkdtemp())
+            try:
+                (outside / "SKILL.md").write_text("---\nname: leaked\n---\n", encoding="utf-8")
+                (skills_dir / "escape").symlink_to(outside, target_is_directory=True)
+
+                entries = sms.find_skills_in_directory(root)
+                relative_paths = {str(entry["relative_path"]) for entry in entries}
+
+                self.assertEqual(relative_paths, {"safe-skill"})
+            finally:
+                for child in outside.iterdir():
+                    child.unlink()
+                outside.rmdir()
+
+
+if __name__ == "__main__":
+    unittest.main()