fix: address code review findings from cubic-dev-ai

- Fix path traversal regex prefix confusion in perl-security skill - Revert v1.4.0 changelog entry (Perl not part of that release) - Rename $a/$b to $x/$y to avoid shadowing sort globals - Replace return undef with bare return per perlcritic rules
2026-04-13 21:33:32 +08:00 · 2026-03-09 06:46:49 +03:00
parent b2a7bae5db
commit 36bcf20588
3 changed files with 6 additions and 6 deletions
--- a/skills/perl-patterns/SKILL.md
+++ b/skills/perl-patterns/SKILL.md
@@ -157,14 +157,14 @@ sub fetch_user($id) {
 ```perl
 use v5.40;

-sub divide($a, $b) {
+sub divide($x, $y) {
    try {
-        die "Division by zero" if $b == 0;
-        return $a / $b;
+        die "Division by zero" if $y == 0;
+        return $x / $y;
    }
    catch ($e) {
        warn "Error: $e";
-        return undef;
+        return;
    }
 }
 ```
--- a/skills/perl-security/SKILL.md
+++ b/skills/perl-security/SKILL.md
@@ -197,7 +197,7 @@ sub safe_path($base_dir, $user_path) {
        // die "Path does not exist\n";
    my $base_real = realpath($base_dir)
        // die "Base dir does not exist\n";
-    die "Path traversal blocked\n" unless $real =~ /^\Q$base_real\E/;
+    die "Path traversal blocked\n" unless $real =~ /^\Q$base_real\E\//;
    return $real;
 }
 ```