The PR now blocks skill deletions that target paths outside approved directories by validating the resolved path before deletion, replacing a previously unguarded delete path that could be driven by crafted input.
Scattered source updates, isolated context, and manual follow-up across multiple feeds.
Introduced a concrete path-boundary enforcement: normalized path resolution plus allowlist matching is now executed before skill removal, so only trusted project/config/cwd roots are eligible and `Skill.remove()` is short-circuited when a target falls outside those roots.
Users deleting skills through the webview/CLI flow can avoid accidental or malicious deletion of files outside expected folders, because unsafe locations are blocked before any file-system removal occurs. The hardening is done at both API route and service layers with explicit trusted-root checks, which should reduce file-loss incidents; continue tracking whether custom workspace layouts are fully covered by the allowlist and whether any alternative deletion path can execute without the same check.
Users deleting skills through the webview/CLI flow can avoid accidental or malicious deletion of files outside expected folders, because unsafe locations are blocked before any file-system removal occurs. The hardening is done at both API route and service layers with explicit trusted-root checks, which should reduce file-loss incidents; continue tracking whether custom workspace layouts are fully covered by the allowlist and whether any alternative deletion path can execute without the same check.