Problem
The directory-expansion branch in scan_for_plans (src/specify_cli/intake_sources.py):
for child in sorted(abs_path.iterdir()):
if child.is_file() and child.suffix == ".md":
results.append(...)child.is_file() follows symlinks. A symlink inside .opencode/plans/ pointing to any world-readable file with a .md suffix would be included in the results and its full contents written verbatim into .kittify/mission-brief.md.
Suggested fix
Either skip symlinks explicitly:
if child.is_file() and not child.is_symlink() and child.suffix == ".md":
Or, stronger: verify the resolved child path is still within abs_path:
if child.is_file() and child.suffix == ".md" and child.resolve().is_relative_to(abs_path.resolve()):
Problem
The directory-expansion branch in
scan_for_plans(src/specify_cli/intake_sources.py):child.is_file()follows symlinks. A symlink inside.opencode/plans/pointing to any world-readable file with a.mdsuffix would be included in the results and its full contents written verbatim into.kittify/mission-brief.md.Suggested fix
Either skip symlinks explicitly:
Or, stronger: verify the resolved child path is still within
abs_path: