[Bug]: ACP "cwd" change can lock agent out of reading its own skill files #6516

@tidux

Description

Affected component

security/sandbox

Severity

S1 - workflow blocked

Current behavior

I am using ZeroClaw in an ACP session with cwd set to a repository outside of my ZeroClaw workspace. I instructed ZeroClaw to read a skill file from that workspace, and it failed. Skill prompt injection is set to "compact" so the agent knows where the skills are on disk but is not sending the full bodies with every prompt.

Error: Path not allowed by security policy: /home/tidux/.zeroclaw/workspace/skills/subagent-driven-development/SKILL.md

Expected behavior

I expected the skill file to be read.

Steps to reproduce

$ zeroclaw onboard
$ zeroclaw config set skills.prompt_injection_mode "compact" # or config.toml equivalent edit
$ zeroclaw service install
$ zeroclaw service start
$ toad acp zeroclaw-acp-bridge

Impact

Skills included in the workspace cannot be used in ACP sessions outside of the workspace root while the sandbox is enabled. This is 100% reproducible.

Logs / stack traces

`Error: Path not allowed by security policy: /home/tidux/.zeroclaw/workspace/skills/subagent-driven-development/SKILL.md`

ZeroClaw version

v0.7.5 (private branch, based on c4b692b)

Rust version

rustc 1.93.1

Operating system

Fedora 44

Regression?

Unknown

Pre-flight checks

  • I reproduced this on the latest master branch or latest release.
  • I redacted secrets, tokens, and personal data from all submitted content.
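The report above describes a sandbox path policy that only trusts the ACP session's cwd, so a skill file under the workspace is rejected once cwd points elsewhere. The following is an added example, not ZeroClaw's own code: a hypothetical `PathPolicy` that allows the cwd alone (the behaviour reported) beside one that also allows the workspace skills directory as an explicit root, with lexical `..` normalisation and component-wise prefix matching so the widened allowlist cannot be escaped by traversal or by a sibling directory sharing a name prefix. The directory paths are constructed from the issue.

```rust
use std::path::{Component, Path, PathBuf};

/// Lexically normalise a path (resolve `.` and `..`) without touching the
/// filesystem, so the allowlist check cannot be bypassed by traversal segments.
fn normalize(p: &Path) -> PathBuf {
    let mut out = PathBuf::new();
    for c in p.components() {
        match c {
            Component::CurDir => {}
            Component::ParentDir => {
                out.pop();
            }
            other => out.push(other.as_os_str()),
        }
    }
    out
}

/// Hypothetical sandbox policy: a set of allowed roots. A path is readable
/// only if it lies inside one of them, compared component by component.
pub struct PathPolicy {
    roots: Vec<PathBuf>,
}

impl PathPolicy {
    /// Only the session cwd is trusted; mirrors the behaviour in the report.
    pub fn cwd_only(cwd: &str) -> Self {
        Self { roots: vec![normalize(Path::new(cwd))] }
    }

    /// Hypothetical fix: cwd plus the workspace skills directory as a second root.
    pub fn with_skills_dir(cwd: &str, skills_dir: &str) -> Self {
        Self { roots: vec![normalize(Path::new(cwd)), normalize(Path::new(skills_dir))] }
    }

    pub fn is_allowed(&self, candidate: &str) -> bool {
        let c = normalize(Path::new(candidate));
        // Path::starts_with compares whole components, so a root of
        // ".../skills" does not match ".../skills-evil/...".
        self.roots.iter().any(|r| c.starts_with(r))
    }
}

fn main() {
    let skill = "/home/tidux/.zeroclaw/workspace/skills/subagent-driven-development/SKILL.md";
    let before = PathPolicy::cwd_only("/home/tidux/src/other-repo");
    let after = PathPolicy::with_skills_dir("/home/tidux/src/other-repo", "/home/tidux/.zeroclaw/workspace/skills");
    println!("cwd-only policy allows skill: {}", before.is_allowed(skill)); // false
    println!("cwd + skills dir allows skill: {}", after.is_allowed(skill)); // true
}
```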

Metadata

Labels

  • bug: Something isn't working
  • core: Auto scope: root src/*.rs files changed.
  • tool: Auto scope: src/tools/** changed.

Status

In Progress

Relationships

None yet

Development

No branches or pull requests