fix(security): enforce path boundary checks in skill manager operations

[Dusk1e]

Vulnerability Description

• Target File: tools/skill_manager_tool.py
• Vulnerability Type: Path Traversal via Symbolic Link (CWE-22)
• Status: Mitigated

Problem: The skill_manage utility's supporting file operations previously relied on a naive substring check (searching for .. segments). This approach failed to account for symbolic links, which could allow a malicious skill to bypass the intended directory boundaries and access sensitive files on the host system (e.g., credentials, configuration files).

---

2. Technical Mitigation

This patch replaces basic string filtering with a robust Resolved Path Boundary Check.

• Helper Implementation: Added a centralized _is_safe_path validation (line 243) using Path.resolve().
• Execution Funnels: Integrated mandatory boundary enforcement into the following critical I/O paths:
  • _patch_skill (line 406)
  • _write_file (line 519)
  • _remove_file (line 554)
• Outcome: Any operation resulting in a resolved path outside the designated skill_dir is now strictly aborted.

---

3. Regression Testing & Verification

Three security-focused test cases have been added to tests/tools/test_skill_manager_tool.py to ensure long-term stability:

• test_patch_skill_fails_on_symlink_escape (line 335): Confirms that patching files outside the skill root via symlink is blocked.

• test_write_file_fails_on_symlink_escape (line 399): Verifies that writes to external directories are rejected.

• test_remove_file_fails_on_symlink_escape (line 434): Ensures unauthorized file deletion is prohibited.

• Verification: git diff --check passed. Logic follows established security patterns used in other hardened modules of the project.

---

• Test Command: python -m pytest tests/tools/test_skill_manager_tool.py -q

[teknium1]

Merged via #7156. Your symlink traversal fix was cherry-picked with authorship preserved — clean, correct CWE-22 mitigation. Thanks, @Dusk1e!