From c372fd1835e90acfa9b8cba798e7df2a45995a21 Mon Sep 17 00:00:00 2001
From: Arun Kumar Thiagarajan
Date: Tue, 24 Mar 2026 13:35:27 +0530
Subject: [PATCH] fix(security): skip hidden directories in skill template discovery
discoverTemplates() scans subdirectories for SKILL.md.tmpl files but only skips node_modules, .git, and dist. Hidden directories like .claude/, .agents/, and .codex/ (which contain symlinked skill installs) were being scanned, allowing a malicious .tmpl in a symlinked skill to inject into the generation pipeline. Fix: add !d.name.startsWith('.') to the subdirs() filter. This skips all dot-prefixed directories, matching the standard convention that hidden dirs are not source code.
---
 scripts/discover-skills.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/discover-skills.ts b/scripts/discover-skills.ts
index 5c5092411..67d9a3b6c 100644
--- a/scripts/discover-skills.ts
+++ b/scripts/discover-skills.ts
@@ -10,7 +10,7 @@ const SKIP = new Set(['node_modules', '.git', 'dist']);
 function subdirs(root: string): string[] {
 return fs.readdirSync(root, { withFileTypes: true })
- .filter(d => d.isDirectory() && !SKIP.has(d.name))
+ .filter(d => d.isDirectory() && !d.name.startsWith('.') && !SKIP.has(d.name))
 .map(d => d.name);
 }
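Review bot: The new `!d.name.startsWith('.')` test on the `.filter` line is a naming convention rather than a trust boundary: an externally installed skill placed under any non-hidden directory is still discovered, and the symlink concern from the commit message is only indirectly covered, since with `withFileTypes: true` a Dirent for a symlinked directory already reports `isDirectory()` as false, so what this change actually stops is descending into real hidden directories such as `.claude/` whose symlinked files discoverTemplates (not visible in this hunk) may still read. Consider pairing the name filter with a containment check on the resolved path, e.g. `.filter(d => fs.realpathSync(path.join(root, d.name)).startsWith(fs.realpathSync(root) + path.sep))` (assuming `path` is imported alongside `fs`), so an entry that resolves outside `root` is dropped regardless of its name. Document the intent above the filter, e.g. `// Skip hidden dirs: .claude/, .agents/, .codex/ hold externally installed skills, not source templates.` After this change the `'.git'` entry in SKIP (just outside the hunk) is redundant; harmless, but worth a comment or removal so the two mechanisms do not drift.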