fix: Address PR review - robust YAML parsing, sanitized output, test isolation

1. ParsePromptFile now requires closing --- at start of a line, preventing
   dashes inside YAML values from being treated as frontmatter delimiters
2. SavePrompt quotes name/description in YAML and strips newlines/escapes
   quotes via new SanitizeYamlValue helper
3. DiscoverPrompts tests filter by Source==Project to avoid interference
   from real ~/.polypilot/prompts/ contents
4. Added 4 new tests for dashes-in-values, YAML sanitization

Co-authored-by: PureWeen <5375137+PureWeen@users.noreply.github.com>

Author: Copilot

PolyPilot.Tests/PromptLibraryTests.cs

@@ -143,7 +143,8 @@ public void DiscoverPrompts_FromProjectDirectories()
         Directory.CreateDirectory(promptDir);
         File.WriteAllText(Path.Combine(promptDir, "deploy.md"), "---\nname: Deploy\ndescription: Deploy the app\n---\nDeploy steps...");
 
-        var prompts = PromptLibraryService.DiscoverPrompts(projectDir);
+        var prompts = PromptLibraryService.DiscoverPrompts(projectDir)
+            .Where(p => p.Source == PromptSource.Project).ToList();
 
         Assert.Single(prompts);
         Assert.Equal("Deploy", prompts[0].Name);
@@ -158,7 +159,8 @@ public void DiscoverPrompts_CopilotPromptsDir()
         Directory.CreateDirectory(promptDir);
         File.WriteAllText(Path.Combine(promptDir, "review.md"), "Review code carefully.");
 
-        var prompts = PromptLibraryService.DiscoverPrompts(projectDir);
+        var prompts = PromptLibraryService.DiscoverPrompts(projectDir)
+            .Where(p => p.Source == PromptSource.Project).ToList();
 
         Assert.Single(prompts);
         Assert.Equal("review", prompts[0].Name);
@@ -176,7 +178,8 @@ public void DiscoverPrompts_MultipleProjectDirs()
         File.WriteAllText(Path.Combine(githubDir, "from-github.md"), "---\nname: GitHub Prompt\n---\nFrom github");
         File.WriteAllText(Path.Combine(copilotDir, "from-copilot.md"), "---\nname: Copilot Prompt\n---\nFrom copilot");
 
-        var prompts = PromptLibraryService.DiscoverPrompts(projectDir);
+        var prompts = PromptLibraryService.DiscoverPrompts(projectDir)
+            .Where(p => p.Source == PromptSource.Project).ToList();
 
         Assert.Equal(2, prompts.Count);
         Assert.Contains(prompts, p => p.Name == "GitHub Prompt");
@@ -272,12 +275,47 @@ public void DiscoverPrompts_ClaudePromptsDir()
         Directory.CreateDirectory(promptDir);
         File.WriteAllText(Path.Combine(promptDir, "analyze.md"), "---\nname: Analyze\n---\nAnalyze the code.");
 
-        var prompts = PromptLibraryService.DiscoverPrompts(projectDir);
+        var prompts = PromptLibraryService.DiscoverPrompts(projectDir)
+            .Where(p => p.Source == PromptSource.Project).ToList();
 
         Assert.Single(prompts);
         Assert.Equal("Analyze", prompts[0].Name);
     }
 
+    [Fact]
+    public void ParsePromptFile_DashesInsideYamlValue_NotTreatedAsClosing()
+    {
+        var content = "---\nname: test---name\ndescription: a---b\n---\nBody here";
+        var filePath = "/test.md";
+
+        var (name, description, body) = PromptLibraryService.ParsePromptFile(content, filePath);
+
+        Assert.Equal("test---name", name);
+        Assert.Equal("a---b", description);
+        Assert.Equal("Body here", body);
+    }
+
+    [Fact]
+    public void SanitizeYamlValue_StripsNewlines()
+    {
+        var result = PromptLibraryService.SanitizeYamlValue("line1\nline2\r\nline3");
+        Assert.Equal("line1 line2 line3", result);
+    }
+
+    [Fact]
+    public void SanitizeYamlValue_EscapesQuotes()
+    {
+        var result = PromptLibraryService.SanitizeYamlValue("say \"hello\"");
+        Assert.Equal("say \\\"hello\\\"", result);
+    }
+
+    [Fact]
+    public void SanitizeYamlValue_PlainString_Unchanged()
+    {
+        var result = PromptLibraryService.SanitizeYamlValue("simple name");
+        Assert.Equal("simple name", result);
+    }
+
     public void Dispose()
     {
         try { Directory.Delete(_testDir, true); } catch { }

PolyPilot/Services/PromptLibraryService.cs

@@ -122,7 +122,20 @@ internal static (string name, string description, string body) ParsePromptFile(s
 
         if (content.StartsWith("---"))
         {
-            var endIdx = content.IndexOf("---", 3, StringComparison.Ordinal);
+            // Search for closing --- that starts on its own line
+            var endIdx = -1;
+            var searchFrom = 3;
+            while (searchFrom < content.Length)
+            {
+                var idx = content.IndexOf("---", searchFrom, StringComparison.Ordinal);
+                if (idx < 0) break;
+                if (idx == 0 || content[idx - 1] == '\n')
+                {
+                    endIdx = idx;
+                    break;
+                }
+                searchFrom = idx + 1;
+            }
             if (endIdx > 0)
             {
                 var frontmatter = content[3..endIdx];
@@ -159,14 +172,18 @@ public static SavedPrompt SavePrompt(string name, string content, string? descri
         var safeName = SanitizeFileName(name);
         var filePath = Path.Combine(UserPromptsDir, safeName + ".md");
 
+        // Sanitize name/description to prevent YAML corruption
+        var yamlName = SanitizeYamlValue(name);
+        var yamlDesc = description != null ? SanitizeYamlValue(description) : null;
+
         var fileContent = "";
-        if (!string.IsNullOrWhiteSpace(description))
+        if (!string.IsNullOrWhiteSpace(yamlDesc))
         {
-            fileContent = $"---\nname: {name}\ndescription: {description}\n---\n{content}";
+            fileContent = $"---\nname: \"{yamlName}\"\ndescription: \"{yamlDesc}\"\n---\n{content}";
         }
         else
         {
-            fileContent = $"---\nname: {name}\n---\n{content}";
+            fileContent = $"---\nname: \"{yamlName}\"\n---\n{content}";
         }
 
         File.WriteAllText(filePath, fileContent);
@@ -216,6 +233,18 @@ public static bool DeletePrompt(string name)
             .FirstOrDefault(p => string.Equals(p.Name, name, StringComparison.OrdinalIgnoreCase));
     }
 
+    /// <summary>
+    /// Sanitize a string for safe inclusion in a YAML value.
+    /// Strips newlines and escapes double quotes.
+    /// </summary>
+    internal static string SanitizeYamlValue(string value)
+    {
+        return value
+            .Replace("\r", "")
+            .Replace("\n", " ")
+            .Replace("\"", "\\\"");
+    }
+
     /// <summary>
     /// Sanitize a name into a safe filename (alphanumeric, hyphens, underscores).
     /// </summary>