Limit path traversal to skill dir

Author: dacharyc

structure/links.go

@@ -40,7 +40,12 @@ func CheckInternalLinks(dir, body string) []types.Result {
 			continue
 		}
 		// Relative link — check file existence
-		resolved := filepath.Join(dir, link)
+		resolved := filepath.Clean(filepath.Join(dir, link))
+		// Block path traversal: the resolved path must stay inside the skill directory.
+		if !strings.HasPrefix(resolved, filepath.Clean(dir)+string(filepath.Separator)) {
+			results = append(results, ctx.Errorf("internal link escapes skill directory: %s", link))
+			continue
+		}
 		if _, err := os.Stat(resolved); os.IsNotExist(err) {
 			results = append(results, ctx.Errorf("broken internal link: %s (file not found)", link))
 		} else {

structure/links_test.go

@@ -57,6 +57,13 @@ func TestCheckInternalLinks(t *testing.T) {
 		requireResult(t, results, types.Pass, "internal link: references/guide.md (exists)")
 	})
 
+	t.Run("path traversal is blocked", func(t *testing.T) {
+		dir := t.TempDir()
+		body := "See [escape](../../../../../../etc/passwd)."
+		results := CheckInternalLinks(dir, body)
+		requireResult(t, results, types.Error, "internal link escapes skill directory: ../../../../../../etc/passwd")
+	})
+
 	t.Run("no links returns nil", func(t *testing.T) {
 		dir := t.TempDir()
 		body := "No links here."