The read tool's 'did you mean' feature suggests similarly named folders outside the project worktree, leaking directory information that should be gated by the external_directory permission.
Steps to reproduce:
- Create a folder on the desktop (outside worktree)
- Use the read tool with a slightly misspelled path pointing to that folder
- The tool returns 'File not found' but suggests the actual folder name as a 'did you mean' alternative
Expected: The read tool should not access or list contents of directories outside the worktree.
Actual: Directory entries from outside the worktree are exposed.
The read tool's 'did you mean' feature suggests similarly named folders outside the project worktree, leaking directory information that should be gated by the external_directory permission.
Steps to reproduce:
Expected: The read tool should not access or list contents of directories outside the worktree.
Actual: Directory entries from outside the worktree are exposed.