unchained/mission-control
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(skills): re-validate pack URL before git clone

Browse Source
This commit is contained in:
Abhimanyu Saharan
2026-02-13 23:21:47 +00:00
parent 7e48f1a9e0
commit dcdbbb7e5c
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
backend/app/api/skills_marketplace.py
View File

@@ -378,6 +378,9 @@ def _collect_pack_skills_from_repo(
def _collect_pack_skills(source_url: str) -> list[PackSkillCandidate]: def _collect_pack_skills(source_url: str) -> list[PackSkillCandidate]:
"""Clone a pack repository and collect skills from index or `skills/**/SKILL.md`.""" """Clone a pack repository and collect skills from index or `skills/**/SKILL.md`."""
# Defense-in-depth: validate again at point of use before invoking git.
_validate_pack_source_url(source_url)
with TemporaryDirectory(prefix="skill-pack-sync-") as tmp_dir: with TemporaryDirectory(prefix="skill-pack-sync-") as tmp_dir:
repo_dir = Path(tmp_dir) repo_dir = Path(tmp_dir)
try: try: