fix: validate agent toml boundaries

internal/agents/store.go

@@ -61,6 +61,15 @@ func (s Store) readOne(fileName string) AgentDefinition {
 		def.ParseError = err.Error()
 		return def
 	}
+	if info, err := os.Lstat(safePath); err != nil {
+		def.ParseStatus = "invalid"
+		def.ParseError = err.Error()
+		return def
+	} else if info.Mode()&os.ModeSymlink != 0 {
+		def.ParseStatus = "invalid"
+		def.ParseError = codexhome.ErrForbiddenPath.Error()
+		return def
+	}
 	info, statErr := os.Stat(safePath)
 	if statErr == nil {
 		def.ModifiedAt = info.ModTime()
@@ -109,6 +118,12 @@ func parseSimpleTOML(input string) (map[string]string, error) {
 		if key == "" {
 			return values, fmt.Errorf("第 %d 行缺少字段名", lineNumber)
 		}
+		if !isValidBareKey(key) {
+			return values, fmt.Errorf("第 %d 行包含无效字段名", lineNumber)
+		}
+		if _, exists := values[key]; exists {
+			return values, fmt.Errorf("第 %d 行重复字段名 %q", lineNumber, key)
+		}
 
 		value, err := parseTOMLString(raw, scanner)
 		if err != nil {
@@ -122,6 +137,25 @@ func parseSimpleTOML(input string) (map[string]string, error) {
 	return values, nil
 }
 
+func isValidBareKey(key string) bool {
+	for _, char := range key {
+		if char >= 'a' && char <= 'z' {
+			continue
+		}
+		if char >= 'A' && char <= 'Z' {
+			continue
+		}
+		if char >= '0' && char <= '9' {
+			continue
+		}
+		if char == '_' || char == '-' {
+			continue
+		}
+		return false
+	}
+	return true
+}
+
 func parseTOMLString(raw string, scanner *bufio.Scanner) (string, error) {
 	if strings.HasPrefix(raw, `"""`) {
 		block := strings.TrimPrefix(raw, `"""`)