`potato-annotation` has a Project-Boundary Bypass
`validate_path_security` uses string-prefix containment (`startswith`) for its boundary checks. As a result, paths that lie outside the intended project directory but share its prefix string (e.g., `/tmp/potato_proj_demo_evil/…` vs `/tmp/potato_proj_demo`) are accepted.
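The following added example is not code from `potato-annotation`; it contrasts a prefix comparison of the kind described above with a containment check that compares whole path components. The function names and the sample file names are assumptions constructed for illustration.

```python
import os

PROJECT_DIR = "/tmp/potato_proj_demo"  # project directory named in the advisory

# Constructed sample paths (file names are illustrative only).
SAMPLES = [
    "/tmp/potato_proj_demo/data/items.json",                      # inside the project
    "/tmp/potato_proj_demo_evil/items.json",                      # sibling sharing the prefix
    "/tmp/potato_proj_demo/../potato_proj_demo_evil/items.json",  # same sibling via '..'
    "/tmp/other/items.json",                                      # unrelated directory
]


def prefix_check(path: str, project_dir: str) -> bool:
    """Models the flawed pattern: containment decided by a raw string prefix."""
    return os.path.realpath(path).startswith(os.path.realpath(project_dir))


def component_check(path: str, project_dir: str) -> bool:
    """Containment decided on whole path components after resolving
    symlinks and '..' segments, so 'demo_evil' never matches 'demo'."""
    root = os.path.realpath(project_dir)
    target = os.path.realpath(path)
    try:
        return os.path.commonpath([root, target]) == root
    except ValueError:
        # Raised when the paths cannot be compared (e.g. different drives).
        return False


def compare(samples=SAMPLES, project_dir=PROJECT_DIR):
    """Return (path, prefix_result, component_result) for each sample."""
    return [(p, prefix_check(p, project_dir), component_check(p, project_dir))
            for p in samples]


if __name__ == "__main__":
    for path, flawed, fixed in compare():
        note = "  <-- accepted only by the prefix check" if flawed and not fixed else ""
        print(f"prefix={flawed!s:5} component={fixed!s:5} {path}{note}")
```

A regression test for a fix should include at least one sibling directory whose name extends the project directory's name, since that is the case a prefix comparison gets wrong.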