Guard metadata repair and doc sync scripts against symlink targets so repo maintenance tasks cannot overwrite arbitrary local files. Replace recursive skill discovery with an iterative walk that skips symlinked directories, and harden the VideoDB listener to write only private regular files in the user-owned state directory. Also fix the broken pr:preflight script entry and make the last30days skill stop embedding raw user arguments directly in the shell command.
import unittest
from pathlib import Path
REPO_ROOT = Path(__file__).resolve().parents[3]
|
|
SKILL_PATH = REPO_ROOT / "skills" / "last30days" / "SKILL.md"
class Last30DaysSkillSecurityTests(unittest.TestCase):
|
|
def test_skill_does_not_embed_user_arguments_directly_in_shell_command(self):
|
|
content = SKILL_PATH.read_text(encoding="utf-8")
|
|
|
|
self.assertNotIn('last30days.py "$ARGUMENTS"', content)
|
|
self.assertIn("cat <<'LAST30DAYS_TOPIC'", content)
if __name__ == "__main__":
    # Run the suite when this file is executed directly.
    unittest.main()