Harden content integrity signature checks by fallintoplace · Pull Request #269 · NVIDIA/skills

fallintoplace · 2026-06-12T22:30:56Z

Summary

Walk signed skill directories and fail when a file is neither signed nor explicitly ignored by signature metadata.
Validate signed resource names before reading files: reject absolute paths, .., non-normalized names, and paths that resolve outside the skill directory.
Honor serialization.allow_symlinks only for symlinks that stay inside the skill directory.

PYTHONDONTWRITEBYTECODE=1 python3 -m py_compile .github/scripts/verify_content_integrity.py
git diff --check
Synthetic temp-dir checks for unsigned extras, ignored files, absolute paths, .., non-normalized paths, disallowed symlinks, allowed in-root symlinks, and symlinks escaping the skill directory.
python3 .github/scripts/verify_content_integrity.py fails as expected on current catalog drift, now including skills/physical-ai-neural-reconstruction/evals/evals.json: UNSIGNED EXTRA.

Signed-off-by: Minh Vu <vuhoangminh97@gmail.com>

fix content integrity unsigned file checks

69072a5

Signed-off-by: Minh Vu <vuhoangminh97@gmail.com>

fallintoplace requested review from mosheabr and sayalinvidia as code owners June 12, 2026 22:30

harden content integrity resource paths

517a334

Signed-off-by: Minh Vu <vuhoangminh97@gmail.com>

fallintoplace changed the title ~~Fail content integrity on unsigned skill files~~ Harden content integrity signature checks Jun 12, 2026