fix: sanitize topic parameter in tool_diary_write

agent_name and entry are validated via sanitize_name/sanitize_content,
but topic is stored raw into ChromaDB metadata. Apply the same
sanitize_name guard to reject null bytes, path traversal, and
oversized payloads.
JunghwanNA
2026-04-16 12:12:17 +09:00
parent d4c942417a
commit 5bf826046c
+1
@@ -925,6 +925,7 @@ def tool_diary_write(agent_name: str, entry: str, topic: str = "general"):
try:
agent_name = sanitize_name(agent_name, "agent_name")
entry = sanitize_content(entry)
topic = sanitize_name(topic, "topic")
except ValueError as e:
return {"success": False, "error": str(e)}
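Review bot: The `topic = sanitize_name(topic, "topic")` line in the try block reuses a validator written for names. Nothing in this hunk shows that its allowed characters and length limit suit the topic values callers already pass, so a topic that was accepted before this change could now come back as `{"success": False, ...}`. Please confirm the rules fit topics, or add a dedicated topic validator if they are too strict. Because the result is assigned back to `topic`, also check whether `sanitize_name` can return a normalized value: if so, new entries may be stored under a different topic string than entries written before this fix, and any read path that filters on topic should apply the same call. The commit adds one line and no test. A small regression test would pin the behaviour: a topic containing a null byte or `../` returns the error dict, and the default `"general"` still succeeds.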