Sanitize team_name in hook path construction (defense-in-depth) #286
Open
Description
Problem
Multiple hooks use team_name directly in file path construction without sanitization:
- handoff_gate.py: Path.home() / ".claude" / "teams" / team_name
- memory_adhoc_reminder.py: same pattern
- teammate_completion_gate.py: Path.home() / ".claude" / "tasks" / team_name
While task_id receives explicit re.sub(r'[/\\]|\.\.', '', task_id) sanitization, team_name does not.
Risk
Low. Requires control of CLAUDE_CODE_TEAM_NAME env var or hook stdin JSON — both SDK-controlled, not user-controlled. Target directory must also exist. Practical exploitability is very low.
Proposed Fix
Apply re.sub(r'[/\\]|\.\.', '', team_name) sanitization consistently across ALL hooks that use team_name in path construction. Could be extracted to a shared utility in hooks/shared/.
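Added example (not code from the project or this PR): a hypothetical shared helper, sanitize_path_component, that applies the issue's regex to team_name and then, as an extra defense-in-depth check the issue does not spell out, verifies the resolved path still sits directly under the intended base directory. The helper and function names are assumptions; the sample base path is constructed for illustration.

```python
import re
from pathlib import Path

# The same regex the issue already applies to task_id: strip path separators
# (forward and back slash) and any ".." sequence from a single path component.
_UNSAFE = re.compile(r'[/\\]|\.\.')


def sanitize_path_component(name: str) -> str:
    """Return `name` with separators and '..' removed; reject empty/'.' results.

    Rejecting the empty string and '.' matters: a value such as '../' sanitizes
    to '' and would otherwise silently resolve to the base directory itself.
    """
    cleaned = _UNSAFE.sub('', name)
    if cleaned in ('', '.'):
        raise ValueError(f"invalid path component after sanitization: {name!r}")
    return cleaned


def team_dir(base: Path, team_name: str) -> Path:
    """Build base/<sanitized team_name> and assert it stays inside `base`.

    Hypothetical replacement for the inline `... / "teams" / team_name`
    pattern: the containment check catches anything the regex might miss.
    """
    base = base.resolve()
    candidate = (base / sanitize_path_component(team_name)).resolve()
    if candidate.parent != base:
        raise ValueError(f"{candidate} escapes {base}")
    return candidate


if __name__ == "__main__":
    # Constructed base path standing in for Path.home() / ".claude" / "teams".
    example_base = Path("/tmp/example-home/.claude/teams")
    for raw in ("alpha", "../../evil", "win\\team", "alpha/../beta"):
        print(f"{raw!r:>16} -> {team_dir(example_base, raw)}")
```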
Found During
PR #284 review (V-S1, security-reviewer). Pre-existing pattern, not introduced by this PR.