
#12701: security: prefix bare .md file references with ./ to prevent TLD resolution

by sypsyp97, open, 2026-02-09 14:18
agents size: XS
## Summary

Since `.md` is a valid top-level domain (Moldova), bare references like `MEMORY.md`, `SOUL.md`, `HEARTBEAT.md` in LLM-facing prompts could potentially be resolved as URLs (e.g., `https://memory.md`, `https://soul.md`) instead of local file paths. This is a security risk: an attacker could register these domains and serve malicious content that the agent might fetch and execute as instructions.

## Fix

Prefix all bare `.md` file references in system prompts, tool descriptions, and heartbeat prompts with `./` to unambiguously mark them as local paths.

## Changes (7 files, 11 lines)

| File | Change |
|------|--------|
| `src/agents/system-prompt.ts` | `MEMORY.md` → `./MEMORY.md`, `TOOLS.md` → `./TOOLS.md`, `SOUL.md` → `./SOUL.md` |
| `src/agents/system-prompt-report.ts` | `TOOLS.md` marker string → `./TOOLS.md` |
| `src/agents/system-prompt.test.ts` | Update test expectation for `./SOUL.md` |
| `src/agents/tools/memory-tool.ts` | `MEMORY.md` → `./MEMORY.md` in memory_search and memory_get descriptions |
| `src/auto-reply/heartbeat.ts` | `HEARTBEAT.md` → `./HEARTBEAT.md` in default prompt |
| `src/auto-reply/reply/session-updates.ts` | Update heartbeat filter + backward compat for old prompt format |
| `src/config/types.agent-defaults.ts` | JSDoc default string consistency |

## Background

The `.md` TLD is actively registered — for example, `heartbeat.md` is a purchasable domain. If an LLM sees a bare `HEARTBEAT.md` in its system prompt and has access to web tools, it could attempt to fetch `https://heartbeat.md` instead of reading the local file, potentially executing attacker-controlled instructions. The `./` prefix makes the reference unambiguously a relative file path, which no URL parser will resolve as a domain.
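The ambiguity described in the PR can be checked mechanically before a prompt string ships. The following is an added example in TypeScript (the project's language), not code from this PR or from the project: a lint that finds bare `NAME.ext` tokens in prompt text whose extension is also a registered TLD, reports the host a URL-minded reader could turn each one into, and applies the same `./` prefix the PR applies by hand. The extension list beyond `.md`, the regex, the function names and the sample prompt are all assumptions constructed for this example.

```typescript
// Added example for the topic of this PR; not the PR's or the project's code.
// Lint for LLM-facing prompt text: find bare `NAME.ext` tokens whose extension
// is also a registered TLD, report what host a URL-minded reader could turn
// them into, and rewrite them as explicit relative paths (`./NAME.ext`).

// Extensions that are also TLDs. `.md` (Moldova) is the case this PR fixes; the
// others are a constructed, non-exhaustive list showing the same ambiguity.
const EXTENSION_TLDS: ReadonlyArray<string> = ["md", "sh", "py", "zip", "mov"];

interface BareReference {
  token: string;  // the reference as written, e.g. "HEARTBEAT.md"
  index: number;  // offset of the token in the prompt text
  asHost: string; // the URL a reader could turn it into
}

// A bare token is NAME.EXT that is not preceded by a word char, `.`, `/`, `~`
// or `-` (so `./X.md`, `/tmp/X.md`, `~/X.md`, `https://x.md` and `www.x.md`
// are all skipped) and not continued by a word char, `/` or another dotted
// label. Built from a string so the lookbehind is checked at runtime only.
const BARE_REF_SOURCE =
  "(?<![\\w./~-])([A-Za-z0-9_-]+)\\.([A-Za-z]{2,})(?![\\w/]|\\.\\w)";

function isAmbiguousExtension(ext: string): boolean {
  return EXTENSION_TLDS.indexOf(ext.toLowerCase()) !== -1;
}

function findBareFileReferences(text: string): BareReference[] {
  const re = new RegExp(BARE_REF_SOURCE, "g");
  const hits: BareReference[] = [];
  let m: RegExpExecArray | null;
  while ((m = re.exec(text)) !== null) {
    const token = m[0];
    const name = m[1];
    const ext = m[2];
    if (!isAmbiguousExtension(ext)) continue;
    hits.push({
      token,
      index: m.index,
      asHost: `https://${name.toLowerCase()}.${ext.toLowerCase()}`,
    });
  }
  return hits;
}

// The fix this PR applies, done mechanically: prefix every ambiguous bare
// token with `./`. Idempotent, because `./X.md` no longer matches the regex.
function prefixBareFileReferences(text: string): string {
  return text.replace(
    new RegExp(BARE_REF_SOURCE, "g"),
    (token: string, _name: string, ext: string) =>
      isAmbiguousExtension(ext) ? `./${token}` : token,
  );
}

// CI gate: one finding per ambiguous token, empty when the prompt is clean.
function lintPrompt(text: string): string[] {
  return findBareFileReferences(text).map(
    (h) => `"${h.token}" at offset ${h.index} could be read as ${h.asHost}; write "./${h.token}"`,
  );
}

// Constructed sample modelled on the prompt fragments this PR touches.
const SAMPLE_PROMPT = [
  "Read HEARTBEAT.md if it exists and follow its instructions.",
  "Long-term notes live in MEMORY.md; tool notes are in TOOLS.md.",
  "Already safe: ./SOUL.md, /workspace/AGENTS.md, https://docs.example.md/guide",
].join("\n");

for (const finding of lintPrompt(SAMPLE_PROMPT)) {
  console.log(finding);
}
console.log(prefixBareFileReferences(SAMPLE_PROMPT));
```

One caveat worth keeping in mind when reading the parser claim in the Background section: a standards URL parser does not tell `MEMORY.md` from `./MEMORY.md` either. Resolved against a base URL, both stay on the base host, and only a scheme or a leading `//` moves the reference to another host. The risk is in how a model or an autolinker reads prose, so a check like this one has to run on the prompt text itself rather than on parsed URLs.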
## Greptile Overview

### Greptile Summary

This PR updates multiple LLM-facing prompt strings to prefix bare `*.md` references with `./` (e.g., `MEMORY.md` → `./MEMORY.md`, `HEARTBEAT.md` → `./HEARTBEAT.md`) to prevent accidental URL/TLD resolution in models that might treat bare `heartbeat.md` as a domain. Changes are localized to system-prompt generation/reporting, memory tool descriptions, the default heartbeat prompt, and a system-event filter intended to suppress the heartbeat prompt line from session updates.

### Confidence Score: 3/5

- This PR is mostly safe to merge, but there's a functional regression risk in session update filtering when users override the heartbeat prompt.
- The string-prefix changes are straightforward and low-risk, but `prependSystemEvents` now filters heartbeat prompts using a hard-coded prefix that only matches the default/legacy prompt format; custom heartbeat prompts will leak into system event blocks unexpectedly.
- `src/auto-reply/reply/session-updates.ts`
