docs: strengthen public security signals

tests/core_safe_functions.bats

@@ -66,6 +66,9 @@ teardown() {
 }
 
 @test "validate_path_for_deletion rejects system directories" {
+    run bash -c "source '$PROJECT_ROOT/lib/core/common.sh'; validate_path_for_deletion '/'"
+    [ "$status" -eq 1 ]
+
     run bash -c "source '$PROJECT_ROOT/lib/core/common.sh'; validate_path_for_deletion '/System'"
     [ "$status" -eq 1 ]
 
@@ -86,6 +89,15 @@ teardown() {
     [ "$status" -eq 1 ]
 }
 
+@test "validate_path_for_deletion rejects symlink to protected system path" {
+    local link_path="$TEST_DIR/system-link"
+    ln -s "/System" "$link_path"
+
+    run bash -c "source '$PROJECT_ROOT/lib/core/common.sh'; validate_path_for_deletion '$link_path' 2>&1"
+    [ "$status" -eq 1 ]
+    [[ "$output" == *"protected system path"* ]]
+}
+
 @test "safe_remove successfully removes file" {
     local test_file="$TEST_DIR/test_file.txt"
     echo "test" > "$test_file"
@@ -134,6 +146,22 @@ teardown() {
     [ "$status" -eq 1 ]
 }
 
+@test "safe_sudo_remove refuses symlink paths" {
+    local target_dir="$TEST_DIR/real"
+    local link_dir="$TEST_DIR/link"
+    mkdir -p "$target_dir"
+    ln -s "$target_dir" "$link_dir"
+
+    run bash -c "
+        source '$PROJECT_ROOT/lib/core/common.sh'
+        sudo() { return 0; }
+        export -f sudo
+        safe_sudo_remove '$link_dir' 2>&1
+    "
+    [ "$status" -eq 1 ]
+    [[ "$output" == *"Refusing to sudo remove symlink"* ]]
+}
+
 @test "safe_find_delete rejects symlinked directory" {
     local real_dir="$TEST_DIR/real"
     local link_dir="$TEST_DIR/link"