mirror of
https://github.com/anthropics/claude-plugins-official.git
synced 2026-07-09 06:33:51 +08:00
Addresses automated security review of the workflow conversion: - Agent-produced text (rule specs, finding descriptions, dedup lists) is fenced as untrusted data when interpolated into downstream agent prompts, with embedded fence markers stripped so the fence can't be escaped; referees and judges are told to re-derive claims from the cited code. - system/service/subdir names that land in filesystem paths inside prompts are validated against a strict pattern — traversal-shaped values throw before any agent spawns. - Reimagine scaffolding now uses a dedicated 'scaffolder' agent with an explicit minimal tool list, a single-directory write scope, and the untrusted-content discipline extended to the generated spec/architecture docs it builds from (they derive from untrusted legacy code). Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>