loom-caching
Warn
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The MLModelCache class in SKILL.md uses pickle.load and pickle.loads to deserialize machine learning models stored in Redis or on the local filesystem. The Python pickle module is unsafe for untrusted input because unpickling can instantiate arbitrary objects and invoke callables, including ones that execute shell commands, while the data is being loaded. An attacker who gains control over the Redis instance or the local directory where models are stored could therefore achieve remote code execution (RCE) on the agent's host system.
- [DATA_EXFILTRATION]: The methods StaticAssetCache.serve_asset and MLModelCache.get_model in SKILL.md construct file paths using string interpolation of input parameters (model_id, version, and file_path) and pass them directly to the open() function. Since these parameters are not validated or sanitized, the code is vulnerable to directory traversal attacks (e.g., using '../' sequences), which could allow an unauthorized user to read sensitive files from the host system's filesystem.