Your team has integrated a memory tool into a Claude-powered developer productivity assistant. Developers store project context, coding standards, and past decisions in /memories. During a security review, a penetration tester demonstrates that supplying the path /memories/../etc/passwd to the memory tool's view command successfully returns the file contents — escaping the intended memory directory entirely. Your current implementation passes Claude's path input directly to the file system without preprocessing. What is the most effective fix?