Validate file references in skill body and sanitize untrusted content

## Context

Audit findings AUDIT-011 and AUDIT-017 from spec conformance review.

## Problems

1. Skill body can reference files (e.g. \`[docs](references/api.md)\`) without validation that they exist or stay within skill_dir. Path traversal risk if agent code loads these references.

2. Skill body is injected verbatim into prompt without sanitization. Untrusted skills (installed from URLs) could include XML tag injection or prompt injection content.

## Fixes

1. Add \`validate_skill_references()\` to check referenced paths exist and are within skill_dir
2. For untrusted skills (trust level != trusted), wrap body in CDATA or sanitize XML special characters

## References

- Spec: https://agentskills.io/specification.md#file-references
- Files: \`crates/zeph-skills/src/prompt.rs\`, \`crates/zeph-skills/src/loader.rs\`
- Parent audit: #686

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Validate file references in skill body and sanitize untrusted content #689

Context

Problems

Fixes

References

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Validate file references in skill body and sanitize untrusted content #689

Description

Context

Problems

Fixes

References

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions