From 070cb0222e6824ed8ead114114660a0fe006d594 Mon Sep 17 00:00:00 2001 From: Imran Siddique Date: Wed, 18 Feb 2026 14:50:24 -0800 Subject: [PATCH] fix: address Copilot PR review comments on agent-governance skill - Use context manager and path validation for file reading example - Block directory traversal attacks with os.path.realpath check - Update terminology: whitelist/blacklist -> allowlist/blocklist Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- skills/agent-governance/SKILL.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/skills/agent-governance/SKILL.md b/skills/agent-governance/SKILL.md index 7f85e6aa..9c6e4875 100644 --- a/skills/agent-governance/SKILL.md +++ b/skills/agent-governance/SKILL.md @@ -499,7 +499,12 @@ policy = GovernancePolicy( @govern(policy) async def read_file(path: str) -> str: """Read file contents — governed.""" - return open(path).read() + import os + safe_path = os.path.realpath(path) + if not safe_path.startswith(os.path.realpath(".")): + raise ValueError("Path traversal blocked by governance") + with open(safe_path) as f: + return f.read() ``` ---