From 30ae68dd3368bdc8c5b6c12eeadbab92bf6196a0 Mon Sep 17 00:00:00 2001
From: Teknium
Date: Fri, 10 Apr 2026 03:01:47 -0700
Subject: [PATCH] fix: apply hidden_div regex newline bypass fix to skills_guard.py

The same .* pattern vulnerable to newline bypass that was fixed in prompt_builder.py (PR #6925) also existed in skills_guard.py. Changed to [\s\S]*? to match across newlines.
---
 tools/skills_guard.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/skills_guard.py b/tools/skills_guard.py
index d22b7d294..597ea5681 100644
--- a/tools/skills_guard.py
+++ b/tools/skills_guard.py
@@ -190,7 +190,7 @@ THREAT_PATTERNS = [
 (r'', "html_comment_injection", "high", "injection", "hidden instructions in HTML comments"),
- (r'<\s*div\s+style\s*=\s*["\'].*display\s*:\s*none',
+ (r'<\s*div\s+style\s*=\s*["\'][\s\S]*?display\s*:\s*none',
 "hidden_div", "high", "injection", "hidden HTML div (invisible instructions)"),
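Review bot: The new `[\s\S]*?` in the `hidden_div` pattern is not bounded to the tag, so from any `<div style="` it can run through the rest of the document to an unrelated later `display:none`; that yields false "high" findings and makes scan time grow roughly quadratically on large skill files with many styled divs and no match. A negated class keeps the cross-newline matching this commit is after while stopping at the end of the tag: `(r'<\s*div\s+style\s*=\s*["\'][^>]*?display\s*:\s*none',`. The pattern also still requires `style` to be the first attribute after `div`, so this check remains best-effort, and a regression test with a style attribute spanning several lines would pin the fix. `THREAT_PATTERNS` starts and continues outside this hunk, and the flags the patterns are compiled with are not visible here, so confirm case handling against the scanner code.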