artifact-management

Fail

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: HIGH
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: Path traversal vulnerability in the create and delete actions within run.py. The script constructs file paths by joining a base directory with a user-provided name (filepath = _ARTIFACTS_DIR / name). Because the name argument is neither validated nor sanitized, an attacker can manipulate the path (e.g., with ../ sequences or absolute paths) to write to or delete files outside the intended directory, such as shell configuration files, system scripts, or critical user data.
  • [DATA_EXFILTRATION]: Path traversal vulnerability in the read action within run.py. The read function allows access to files outside the designated artifacts folder because it does not verify that the resolved path stays within the base directory. This flaw enables the disclosure and exfiltration of sensitive information, including environment variables, private keys, and configuration files, by reading paths such as ~/.ssh/id_rsa or /etc/passwd.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 1, 2026, 02:53 PM