Skip to content

Path traversal + shell injection in LLM tool sandbox #4

Description

@consigcody94

Found via code audit. core/tools.py:226-242. LLM-controlled path joined to workspace with no traversal check. Also shell=True subprocess on line 188 with bypassable blocklist (rm -r -f /).

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions