fix(security): skip hidden directories in skill template discovery

HMAKT99 · HMAKT99 · commit c372fd1835e9 · 2026-03-24T13:35:27.000+05:30
discoverTemplates() scans subdirectories for SKILL.md.tmpl files but
only skips node_modules, .git, and dist. Hidden directories like
.claude/, .agents/, and .codex/ (which contain symlinked skill
installs) were being scanned, allowing a malicious .tmpl in a
symlinked skill to inject into the generation pipeline.

Fix: add !d.name.startsWith('.') to the subdirs() filter. This skips
all dot-prefixed directories, matching the standard convention that
hidden dirs are not source code.
diff --git a/scripts/discover-skills.ts b/scripts/discover-skills.ts
@@ -10,7 +10,7 @@ const SKIP = new Set(['node_modules', '.git', 'dist']);
 
 function subdirs(root: string): string[] {
   return fs.readdirSync(root, { withFileTypes: true })
-    .filter(d => d.isDirectory() && !SKIP.has(d.name))
+    .filter(d => d.isDirectory() && !d.name.startsWith('.') && !SKIP.has(d.name))
     .map(d => d.name);
 }
 

Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,7 @@ const SKIP = new Set(['node_modules', '.git', 'dist']);`
`10`	`10`
`11`	`11`	`function subdirs(root: string): string[] {`
`12`	`12`	`return fs.readdirSync(root, { withFileTypes: true })`
`13`		`- .filter(d => d.isDirectory() && !SKIP.has(d.name))`
	`13`	`+ .filter(d => d.isDirectory() && !d.name.startsWith('.') && !SKIP.has(d.name))`
`14`	`14`	`.map(d => d.name);`
`15`	`15`	`}`
`16`	`16`