What

UnderstandingAPI (added in #2614) extracts the third-party-downloaded result zip with a raw zipfile.ZipFile(...).extractall(), bypassing the project's canonical safe_extract_zip Zip-Slip guard.

with tempfile.TemporaryDirectory() as extract_dir:
    with zipfile.ZipFile(zip_path, "r") as zf:
        zf.extractall(extract_dir)   # <- no Zip-Slip protection

Why

#2615's same-day hardening sweep routed every other production extractor through safe_extract_zip (utils/zip_safe.py, utils/skill_processor.py, upload paths), but its file list didn't include understanding_api.py, so this one download path still calls extractall(). A malicious or MITM'd Understanding-API result zip whose members use ../../… would currently escape the temp dir and write onto the user's filesystem. The safe_extract_zip invariant is deliberately source-agnostic, so even a configured-endpoint source should go through it.

Change

One-line swap to the same helper parse/parsers/zip_parser.py already uses:

safe_extract_zip(zf, extract_dir)

No behavior change for benign archives: safe_extract_zip validates each member stays inside extract_dir and recreates the same tree the downstream extract_path.iterdir() / single-root-dir detection expects (safe_extract_zip Path()-coerces the str temp dir and calls normalize_zip_filenames internally). Zip-Slip behavior is already covered centrally by tests/misc/test_zip_safe.py.