LC-2835 Develop user-customized challenge curation page #2141

Merged
dusvlf111 merged 18 commits into test-251221 from LC-2835-유저-맞춤형-챌린지-큐레이션-페이지-개발
Feb 24, 2026

@dusvlf111 dusvlf111 commented Feb 24, 2026

Related work

dusvlf111 and others added 18 commits February 22, 2026 23:39
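- Changed from grouping by type (data/hooks/model/ui) to grouping by feature (flow/challenge-comparison/frequent-comparison/faq),
- raising the cohesion of files that are modified together and making dependency relationships clear
Redesign the task workflow by separating Skills/Agents/Hooks roles

- vercel-react-best-practices: auto-loaded with user-invocable:false
- task-maker: disable-model-invocation, changed to be based on the todo/ folder
- task-runner: slimmed down to an orchestrator role, delegates to task-executor
- task-executor: vercel rules built in, autonomous execution agent with dontAsk permission
- test-runner: lightweight test agent based on the haiku model
- post-edit-lint.sh: rewritten to use jq (recommended by the official docs)
- check-tasks.sh: Stop hook that prevents stopping before all tasks are complete
- inject-task-context.sh: re-injects task state after compaction
- settings.json: registers the PostToolUse/Stop/SessionStart hooks together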

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>
@github-actions github-actions bot changed the title from "Lc 2835 Develop user-customized challenge curation page" to "LC-2835 Develop user-customized challenge curation page" Feb 24, 2026
@gemini-code-assist
Summary of Changes

Hello @dusvlf111, I'm Gemini Code Assist[1]! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the application by developing a user-customized challenge curation page, which includes a personalized recommendation system, an interactive challenge comparison feature, and a refined FAQ section. Concurrently, it integrates advanced AI-assisted development workflows through new Claude agents, skills, and automated hooks, streamlining coding, testing, and adherence to best practices. The changes also include comprehensive documentation for the project's architecture and technical stack, ensuring better understanding and future maintainability.

Highlights

  • Curation Page Redesign: Implemented a user-customized challenge curation page with a recommendation system, a new challenge comparison feature, and an updated FAQ section, including responsive layouts and improved card designs.
  • Claude AI Agent Integration: Introduced new Claude agents (task-executor, test-runner) and skills (task-maker, task-runner, vercel-react-best-practices) to automate development workflows, including task execution, testing, and adherence to best practices.
  • Automated Development Hooks: Configured project-level hooks for automatic code formatting (ESLint/Prettier), continuous task checking, and context injection during session restarts, enhancing development efficiency.
  • Comprehensive Documentation: Added detailed documentation for common components, the curation domain structure, and the project's technical stack, improving maintainability and developer onboarding.
  • Refactored Curation Domain Structure: Restructured the curation domain by renaming and reorganizing files into more logical subdirectories (e.g., flow, faq, hero, nav, shared), enhancing modularity and clarity.

Changelog
  • .claude/agents/task-executor.md
    • Added a new Claude agent definition for autonomous task execution.
  • .claude/agents/test-runner.md
    • Added a new Claude agent definition for test execution and validation.
  • .claude/docs/claude_code_docs/Automate workflows with hooks.md
    • Added new documentation detailing how to automate workflows using Claude Code hooks.
  • .claude/docs/claude_code_docs/Create custom subagents.md
    • Added new documentation explaining how to create custom subagents in Claude Code.
  • .claude/docs/claude_code_docs/Extend Claude with skills.md
    • Added new documentation on extending Claude's capabilities with skills and custom slash commands.
  • .claude/docs/common-components/README.md
    • Added a new README file documenting the common UI components in src/common/.
  • .claude/docs/curation-domain/README.md
    • Added a new README file detailing the domain structure of the curation page.
  • .claude/docs/tech-stack/README.md
    • Added a new README file outlining the project's technical stack and configurations.
  • .claude/hooks/check-tasks.sh
    • Added a new bash script hook to prevent Claude from stopping if incomplete tasks exist.
  • .claude/hooks/inject-task-context.sh
    • Added a new bash script hook to re-inject task context after session compaction.
  • .claude/hooks/post-edit-lint.sh
    • Added a new bash script hook to automatically run ESLint and Prettier after file edits.
  • .claude/launch.json
    • Added a new launch configuration file for Next.js development and start.
  • .claude/settings.json
    • Added a new settings file to configure PostToolUse, Stop, and SessionStart hooks.
  • .claude/settings.local.json
    • Updated permissions to allow all Bash commands and specific Figma and Claude Preview tools.
  • .claude/skills/task-maker/SKILL.md
    • Added a new Claude skill definition for generating task lists from PRDs.
  • .claude/skills/task-runner/SKILL.md
    • Added a new Claude skill definition for orchestrating task execution by delegating to task-executor.
  • .claude/skills/vercel-react-best-practices/AGENTS.md
    • Added a new comprehensive guide on React and Next.js performance optimization for AI agents.
  • .claude/skills/vercel-react-best-practices/SKILL.md
    • Added a new Claude skill definition for Vercel React best practices.
  • .claude/skills/vercel-react-best-practices/rules/advanced-event-handler-refs.md
    • Added a new rule documentation for storing event handlers in refs.
  • .claude/skills/vercel-react-best-practices/rules/advanced-use-latest.md
    • Added a new rule documentation for using useLatest for stable callback refs.
  • .claude/skills/vercel-react-best-practices/rules/async-api-routes.md
    • Added a new rule documentation for preventing waterfall chains in API routes.
  • .claude/skills/vercel-react-best-practices/rules/async-defer-await.md
    • Added a new rule documentation for deferring await until needed.
  • .claude/skills/vercel-react-best-practices/rules/async-dependencies.md
    • Added a new rule documentation for dependency-based parallelization.
  • .claude/skills/vercel-react-best-practices/rules/async-parallel.md
    • Added a new rule documentation for using Promise.all() for independent operations.
  • .claude/skills/vercel-react-best-practices/rules/async-suspense-boundaries.md
    • Added a new rule documentation for strategic Suspense boundaries.
  • .claude/skills/vercel-react-best-practices/rules/bundle-barrel-imports.md
    • Added a new rule documentation for avoiding barrel file imports.
  • .claude/skills/vercel-react-best-practices/rules/bundle-conditional.md
    • Added a new rule documentation for conditional module loading.
  • .claude/skills/vercel-react-best-practices/rules/bundle-defer-third-party.md
    • Added a new rule documentation for deferring non-critical third-party libraries.
  • .claude/skills/vercel-react-best-practices/rules/bundle-dynamic-imports.md
    • Added a new rule documentation for dynamic imports for heavy components.
  • .claude/skills/vercel-react-best-practices/rules/bundle-preload.md
    • Added a new rule documentation for preloading based on user intent.
  • .claude/skills/vercel-react-best-practices/rules/client-event-listeners.md
    • Added a new rule documentation for deduplicating global event listeners.
  • .claude/skills/vercel-react-best-practices/rules/client-localstorage-schema.md
    • Added a new rule documentation for versioning and minimizing localStorage data.
  • .claude/skills/vercel-react-best-practices/rules/client-passive-event-listeners.md
    • Added a new rule documentation for using passive event listeners for scrolling performance.
  • .claude/skills/vercel-react-best-practices/rules/client-swr-dedup.md
    • Added a new rule documentation for using SWR for automatic deduplication.
  • .claude/skills/vercel-react-best-practices/rules/js-batch-dom-css.md
    • Added a new rule documentation for batching DOM CSS changes.
  • .claude/skills/vercel-react-best-practices/rules/js-cache-function-results.md
    • Added a new rule documentation for caching repeated function calls.
  • .claude/skills/vercel-react-best-practices/rules/js-cache-property-access.md
    • Added a new rule documentation for caching property access in loops.
  • .claude/skills/vercel-react-best-practices/rules/js-cache-storage.md
    • Added a new rule documentation for caching storage API calls.
  • .claude/skills/vercel-react-best-practices/rules/js-combine-iterations.md
    • Added a new rule documentation for combining multiple array iterations.
  • .claude/skills/vercel-react-best-practices/rules/js-early-exit.md
    • Added a new rule documentation for early return from functions.
  • .claude/skills/vercel-react-best-practices/rules/js-hoist-regexp.md
    • Added a new rule documentation for hoisting RegExp creation.
  • .claude/skills/vercel-react-best-practices/rules/js-index-maps.md
    • Added a new rule documentation for building index maps for repeated lookups.
  • .claude/skills/vercel-react-best-practices/rules/js-length-check-first.md
    • Added a new rule documentation for early length check for array comparisons.
  • .claude/skills/vercel-react-best-practices/rules/js-min-max-loop.md
    • Added a new rule documentation for using loops for min/max instead of sort.
  • .claude/skills/vercel-react-best-practices/rules/js-set-map-lookups.md
    • Added a new rule documentation for using Set/Map for O(1) lookups.
  • .claude/skills/vercel-react-best-practices/rules/js-tosorted-immutable.md
    • Added a new rule documentation for using toSorted() instead of sort() for immutability.
  • .claude/skills/vercel-react-best-practices/rules/rendering-activity.md
    • Added a new rule documentation for using Activity component for show/hide.
  • .claude/skills/vercel-react-best-practices/rules/rendering-animate-svg-wrapper.md
    • Added a new rule documentation for animating SVG wrapper instead of SVG element.
  • .claude/skills/vercel-react-best-practices/rules/rendering-conditional-render.md
    • Added a new rule documentation for using explicit conditional rendering.
  • .claude/skills/vercel-react-best-practices/rules/rendering-content-visibility.md
    • Added a new rule documentation for CSS content-visibility for long lists.
  • .claude/skills/vercel-react-best-practices/rules/rendering-hoist-jsx.md
    • Added a new rule documentation for hoisting static JSX elements.
  • .claude/skills/vercel-react-best-practices/rules/rendering-hydration-no-flicker.md
    • Added a new rule documentation for preventing hydration mismatch without flickering.
  • .claude/skills/vercel-react-best-practices/rules/rendering-svg-precision.md
    • Added a new rule documentation for optimizing SVG precision.
  • .claude/skills/vercel-react-best-practices/rules/rerender-defer-reads.md
    • Added a new rule documentation for deferring state reads to usage point.
  • .claude/skills/vercel-react-best-practices/rules/rerender-dependencies.md
    • Added a new rule documentation for narrowing effect dependencies.
  • .claude/skills/vercel-react-best-practices/rules/rerender-derived-state.md
    • Added a new rule documentation for subscribing to derived state.
  • .claude/skills/vercel-react-best-practices/rules/rerender-functional-setstate.md
    • Added a new rule documentation for using functional setState updates.
  • .claude/skills/vercel-react-best-practices/rules/rerender-lazy-state-init.md
    • Added a new rule documentation for using lazy state initialization.
  • .claude/skills/vercel-react-best-practices/rules/rerender-memo.md
    • Added a new rule documentation for extracting to memoized components.
  • .claude/skills/vercel-react-best-practices/rules/rerender-transitions.md
    • Added a new rule documentation for using transitions for non-urgent updates.
  • .claude/skills/vercel-react-best-practices/rules/server-after-nonblocking.md
    • Added a new rule documentation for using after() for non-blocking operations.
  • .claude/skills/vercel-react-best-practices/rules/server-cache-lru.md
    • Added a new rule documentation for cross-request LRU caching.
  • .claude/skills/vercel-react-best-practices/rules/server-cache-react.md
    • Added a new rule documentation for per-request deduplication with React.cache().
  • .claude/skills/vercel-react-best-practices/rules/server-parallel-fetching.md
    • Added a new rule documentation for parallel data fetching with component composition.
  • .claude/skills/vercel-react-best-practices/rules/server-serialization.md
    • Added a new rule documentation for minimizing serialization at RSC boundaries.
  • .claude/tasks/done/FAQ01.md
    • Added a new task file documenting completed FAQ items.
  • .claude/tasks/done/FAQ02.md
    • Added a new task file documenting completed FAQ items with comparison tables.
  • .claude/tasks/done/task260224.md
    • Added a new task report detailing completed work on the curation page redesign.
  • .claude/tasks/done/tasks-prd-curation-comparison-redesign-1.md
    • Added a new task list for the curation challenge comparison redesign.
  • .claude/tasks/done/변경사항.md
    • Added a new task file outlining changes for the curation page.
  • .gitignore
    • Updated to remove docs from version control.
  • public/images/curation/quration_search.svg
    • Added a new SVG asset for curation search.
  • public/images/curation/tabler_arrow-up.svg
    • Added a new SVG asset for an arrow-up icon.
  • src/assets/0dabe8a70919c80f8b8801d9dc92ec6d3141847d.svg
    • Added a new SVG asset.
  • src/assets/0f3937047cd500bee52678f7c4922edd8d349ada.svg
    • Added a new SVG asset.
  • src/assets/217b8e49b22662ae3d21c8bbe401b544651fee6d.svg
    • Added a new SVG asset.
  • src/assets/26c35529b942349b302a35afc4a261586675c116.svg
    • Added a new SVG asset.
  • src/assets/38c2a415b9efbc82094f4a7b57a0c6d32f7c429a.svg
    • Added a new SVG asset.
  • src/assets/43c464d74135c0796de9ab8ecdd206a3d4be75fa.svg
    • Added a new SVG asset.
  • src/assets/44f885edbc19ae38e53b91337ddb7f271f5f4266.svg
    • Added a new SVG asset.
  • src/assets/558c9da7e950b71e851f6b24a16ab171f0c6495d.svg
    • Added a new SVG asset.
  • src/assets/6f6080ec77984c84c85369e929acc332225d7eaf.svg
    • Added a new SVG asset.
  • src/assets/79882046207c8d973d84a71fdff4455990d62220.svg
    • Added a new SVG asset.
  • src/assets/7e957baec2a39d190a404fbf036e7f20f3fcc863.svg
    • Added a new SVG asset.
  • src/assets/a9315a6a5da67cfbc396cbfbc03975caf6bda0d9.svg
    • Added a new SVG asset.
  • src/assets/ab5ba9dba1984a272e1d7f508771cd79c2dda7e4.svg
    • Added a new SVG asset.
  • src/assets/b44d1119bee0f0ad9a6de5c96364cda9497e3dd5.svg
    • Added a new SVG asset.
  • src/assets/c80549b9c35d678c6b3617cc2b29450e8f66cd92.svg
    • Added a new SVG asset.
  • src/assets/cb1ae75c2d6dd844147b82f0a7031e1b343963a0.svg
    • Added a new SVG asset.
  • src/assets/e3f19840def9546624ffbeaff93eacf7e60d8066.svg
    • Added a new SVG asset.
  • src/domain/curation/challenge-comparison/ChallengeCard.tsx
    • Added a new component for displaying individual challenge cards.
  • src/domain/curation/challenge-comparison/ChallengeCompareSection.tsx
    • Added a new component for the challenge comparison section, integrating recommended comparisons and comparison results.
  • src/domain/curation/challenge-comparison/CompareResultCard.tsx
    • Added a new component for displaying the comparison results of selected challenges.
  • src/domain/curation/challenge-comparison/RecommendedComparisons.tsx
    • Added a new component for displaying recommended comparison combinations.
  • src/domain/curation/challenge-comparison/useCompareCart.ts
    • Added a new hook for managing the state of the challenge comparison cart.
  • src/domain/curation/data/constants.ts
    • Removed the barrel file for curation constants.
  • src/domain/curation/faq/FaqSection.tsx
    • Renamed from src/domain/curation/ui/FaqSection.tsx and updated styling and layout for the FAQ section.
  • src/domain/curation/faq/faqs.ts
    • Renamed from src/domain/curation/data/faqs.ts.
  • src/domain/curation/flow/CurationStepper.tsx
    • Added a new component for the curation flow stepper.
  • src/domain/curation/flow/DesktopRecommendationCard.tsx
    • Added a new component for displaying desktop recommendation cards.
  • src/domain/curation/flow/MobilePersonaSelector.tsx
    • Renamed from src/domain/curation/ui/MobilePersonaSelector.tsx.
  • src/domain/curation/flow/MobileQuestionStep.tsx
    • Renamed from src/domain/curation/ui/MobileQuestionStep.tsx.
  • src/domain/curation/flow/MobileRecommendationCard.tsx
    • Renamed from src/domain/curation/ui/MobileRecommendationCard.tsx.
  • src/domain/curation/flow/PersonaSelector.tsx
    • Added a new component for selecting personas.
  • src/domain/curation/flow/QuestionStep.tsx
    • Added a new component for displaying curation questions.
  • src/domain/curation/flow/ResultSection.tsx
    • Added a new component for displaying curation results.
  • src/domain/curation/flow/copy.ts
    • Renamed from src/domain/curation/data/copy.ts.
  • src/domain/curation/flow/curationEngine.test.ts
    • Renamed from src/domain/curation/model/curationEngine.test.ts.
  • src/domain/curation/flow/curationEngine.ts
    • Renamed from src/domain/curation/model/curationEngine.ts.
  • src/domain/curation/flow/guides.ts
    • Renamed from src/domain/curation/data/guides.ts.
  • src/domain/curation/flow/personas.ts
    • Renamed from src/domain/curation/data/personas.ts.
  • src/domain/curation/flow/questions.ts
    • Renamed from src/domain/curation/data/questions.ts.
  • src/domain/curation/flow/useCurationFlow.ts
    • Renamed from src/domain/curation/hooks/useCurationFlow.ts.
  • src/domain/curation/hero/CurationHero.tsx
    • Added a new component for the curation hero section.
  • src/domain/curation/hooks/useExpandableRows.ts
    • Removed the hook for expandable rows.
  • src/domain/curation/hooks/useInfiniteCarousel.ts
    • Removed the hook for infinite carousel.
  • src/domain/curation/model/carouselAnimation.test.ts
    • Removed carousel animation test file.
  • src/domain/curation/model/carouselAnimation.ts
    • Removed carousel animation utility file.
  • src/domain/curation/nav/CurationStickyNav.tsx
    • Renamed from src/domain/curation/ui/CurationStickyNav.tsx and updated to reflect the new section structure.
  • src/domain/curation/screen/CurationScreen.tsx
    • Updated to integrate new comparison section, remove old comparison sections, and adjust layout.
  • src/domain/curation/shared/comparisons.ts
    • Renamed from src/domain/curation/data/comparisons.ts and updated to fix a label mismatch.
  • src/domain/curation/shared/programs.ts
    • Renamed from src/domain/curation/data/programs.ts.
  • src/domain/curation/types.ts
    • Renamed from src/domain/curation/types/types.ts and removed ComparisonRowConfig interface.
  • src/domain/curation/ui/ChallengeComparisonSection.tsx
    • Removed the old challenge comparison section.
  • src/domain/curation/ui/CurationHero.tsx
    • Removed the old curation hero component.
  • src/domain/curation/ui/CurationStepper.tsx
    • Removed the old curation stepper component.
  • src/domain/curation/ui/FrequentComparisonSection.tsx
    • Removed the old frequent comparison section.
  • src/domain/curation/ui/PersonaSelector.tsx
    • Removed the old persona selector component.
  • src/domain/curation/ui/QuestionStep.tsx
    • Removed the old question step component.
  • src/domain/curation/ui/ResultSection.tsx
    • Removed the old result section component.
  • src/domain/curation/ui/comparison/ChallengeComparisonCards.tsx
    • Removed the old challenge comparison cards component.
  • src/domain/curation/ui/comparison/ChallengeComparisonTable.tsx
    • Removed the old challenge comparison table component.
  • src/domain/curation/ui/comparison/FrequentComparisonCarousel.tsx
    • Removed the old frequent comparison carousel component.
  • src/domain/curation/ui/comparison/MobileChallengeComparison.tsx
    • Removed the old mobile challenge comparison component.
  • src/domain/curation/ui/comparison/MobileFrequentComparison.tsx
    • Removed the old mobile frequent comparison component.
Activity
  • The pull request introduces a significant amount of new files, particularly for Claude agent configurations, skills, and documentation, indicating an effort to integrate AI-assisted development workflows.
  • A major refactoring and redesign of the curation page is evident through numerous file renames, additions, and removals within the src/domain/curation/ directory.
  • The .claude/tasks/done/ files suggest that the author has been using the new Claude agents and skills to manage and report on the progress of the curation page development.
  • The update to settings.local.json indicates adjustments to development environment permissions, likely to accommodate the new Claude tools.
Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This PR significantly refactors and improves the curation page, reorganizing the file structure around domains with functional separation for challenge-comparison, flow, and faq. It also introduces several Claude Code agent configurations (hooks, skills, and agents) to automate development workflows. While the React code for the curation page appears secure, security vulnerabilities were found in the Claude Code shell scripts and agent configurations. Specifically, a command injection vulnerability exists in the check-tasks.sh hook, and the task-executor agent is configured with overly permissive autonomous execution capabilities that could be exploited via malicious files in the repository. The refactoring itself is well-executed, enhancing maintainability and reusability. Please address the identified security vulnerabilities and review the specific improvement point left in the comments below.

fi

# todo/ 에서 미완료 항목([ ])이 있는 파일 탐색
REMAINING=$(ls todo/*.md 2>/dev/null | xargs -I{} sh -c 'grep -l "\[ \]" {} 2>/dev/null' 2>/dev/null | head -1)
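Review bot: On the REMAINING= line, stderr is discarded at all three stages (ls, the inner grep, and xargs), so a missing todo/ directory, an xargs parse error or a grep failure each leave REMAINING empty, which is indistinguishable from "no unchecked items". Consider running grep -l directly on the todo/*.md glob and checking its exit status (0 match, 1 no match, 2 error), so the hook can tell a clean result from a failed lookup.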

security-high high

The use of xargs -I{} sh -c '...' with a template containing {} is vulnerable to command injection if a filename in the todo/ directory contains shell metacharacters (e.g., single quotes, semicolons). An attacker could create a file with a malicious name like todo/foo'; touch pwned; '.md which would result in arbitrary command execution when this hook is triggered by Claude Code.

To remediate this, avoid using sh -c to wrap the command. Instead, pass the arguments directly to grep using xargs or use find -exec.
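
The remediation described in the comment above, as an added example that is not part of the PR or the project's check-tasks.sh: two ways to find the first todo/*.md file with an unchecked box while each file name reaches grep as a single argument. The function names, the directory argument and the sample files are assumptions made for illustration; the hostile file name is the one quoted in the review.

```shell
#!/bin/sh
# Added example; function names and the DIR argument are hypothetical.

# Print the first DIR/todo/*.md file that still contains an unchecked "[ ]".
# Every path is handed to grep as one argv entry, so quotes, semicolons or
# spaces in a file name are never re-parsed as shell syntax.
first_incomplete_task() {
    dir=${1:-.}
    for f in "$dir"/todo/*.md; do
        [ -f "$f" ] || continue      # an unmatched glob stays literal; skip it
        if grep -q -F -- '[ ]' "$f"; then
            printf '%s\n' "$f"
            return 0
        fi
    done
    return 1                         # nothing open (or no todo/ directory)
}

# The same check with find -exec, the other option named in the review.
# find builds grep's argument vector itself; no sh -c template is involved.
first_incomplete_task_find() {
    dir=${1:-.}
    find "$dir/todo" -maxdepth 1 -type f -name '*.md' \
        -exec grep -l -F -- '[ ]' {} + 2>/dev/null | LC_ALL=C sort | head -n 1
}

# Constructed sample data: one finished file, one open file whose name is the
# hostile name from the review, and one ordinary open file. Prints the tree root.
make_sample_tree() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/todo"
    printf '%s\n' '- [x] done' > "$tmp/todo/a-done.md"
    printf '%s\n' '- [ ] open' > "$tmp/todo/foo'; touch pwned; '.md"
    printf '%s\n' '- [ ] open' > "$tmp/todo/z-open.md"
    printf '%s\n' "$tmp"
}

demo() {
    tree=$(make_sample_tree) || return 1
    (
        cd "$tree" || exit 1
        echo "glob loop : $(first_incomplete_task .)"
        echo "find -exec: $(first_incomplete_task_find .)"
        # If the file name had been interpreted as a command, "pwned" would exist.
        if [ -e pwned ]; then
            echo "side effect: pwned was created"
        else
            echo "side effect: none"
        fi
    )
    rm -rf "$tree"
}

demo
```
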

description: Autonomous task execution agent for lets-intern-client. Implements features, writes tests, commits code, and fixes errors. Delegates from task-runner skill. Use proactively for all coding implementation tasks.
tools: Read, Write, Edit, Bash, Glob, Grep, Task
model: inherit
permissionMode: dontAsk

security-medium medium

The task-executor agent is configured with permissionMode: dontAsk and granted access to the Bash tool. This allows the agent to execute arbitrary shell commands on the host machine without user confirmation. When combined with the task-runner skill, which automates the execution of tasks defined in repository files, this creates a significant security risk. If a repository contains a malicious task file (e.g., from an untrusted pull request), the agent might execute harmful commands autonomously.

Recommendation: Change permissionMode to default to ensure that sensitive operations like Bash commands always require explicit user approval.

Comment on lines +53 to +62
const titleParts = programs.map((p) => {
if (p.title.includes('경험정리')) return '경험정리';
if (p.title.includes('이력서')) return '이력서';
if (p.title.includes('대기업')) return '대기업 자소서';
if (p.title.includes('자기소개서')) return '자소서';
if (p.title.includes('포트폴리오')) return '포트폴리오';
if (p.title.includes('마케팅')) return '마케팅';
if (p.title.includes('HR')) return 'HR';
return p.title;
});

medium

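The logic that builds the comparison-result title currently checks strings with includes, which makes it fragile when program names change or new programs are added. For example, the '경험정리' and '경험분석' challenges both contain '경험', which could produce unintended results.

Consider adding a short alias such as shortTitle or alias to the PROGRAMS data object and building the title from those values. This separates data from logic and improves maintainability.

Example: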
src/domain/curation/shared/programs.ts

export const PROGRAMS: Record<ProgramId, ProgramContent> = {
  experience: {
    // ...
    shortTitle: '경험정리',
    // ...
  },
  // ...
};

const titleParts = programs.map((p) => p.shortTitle || p.title);
References
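  1. A program's short title is part of the program data, so defining it in the program data model, separate from the display logic, raises cohesion. Currently the title-generation logic is hard-coded in the display component, which couples data and logic unnecessarily.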

@dusvlf111 dusvlf111 merged commit a8dab61 into test-251221 Feb 24, 2026
7 checks passed