Fix path traversal in skill extraction (Zip Slip variant)

Validate normalized relative paths in _build_wrapper_code to prevent
directory traversal via malicious GCS skill resource names. A crafted
skill resource name containing '../' could write files outside the
temporary directory, potentially leading to RCE via runpy.run_path().

Fixes #5603

Author: Ashutosh0x

src/google/adk/tools/skill_toolset.py

@@ -661,7 +661,10 @@ def _build_wrapper_code(
         "  _orig_cwd = os.getcwd()",
         "  with tempfile.TemporaryDirectory() as td:",
         "    for rel_path, content in _files.items():",
-        "      full_path = os.path.join(td, rel_path)",
+        "      norm_rel = os.path.normpath(rel_path)",
+        "      if norm_rel.startswith('..') or os.path.isabs(norm_rel):",
+        "        raise PermissionError('Path traversal blocked in skill file: ' + rel_path)",
+        "      full_path = os.path.join(os.path.abspath(td), norm_rel)",
         "      os.makedirs(os.path.dirname(full_path), exist_ok=True)",
         "      mode = 'wb' if isinstance(content, bytes) else 'w'",
         "      with open(full_path, mode) as f:",