fix: harden workspace skill path containment

Peter Steinberger
2026-03-07 18:56:09 +00:00
parent 5effa6043e
commit 253e159700
5 changed files with 214 additions and 4 deletions

@@ -70,6 +70,7 @@ that up as `<workspace>/skills` on the next session.
- Treat third-party skills as **untrusted code**. Read them before enabling.
- Prefer sandboxed runs for untrusted inputs and risky tools. See [Sandboxing](/gateway/sandboxing).
- Workspace and extra-dir skill discovery only accepts skill roots and `SKILL.md` files whose resolved realpath stays inside the configured root.
- `skills.entries.*.env` and `skills.entries.*.apiKey` inject secrets into the **host** process
for that agent turn (not the sandbox). Keep secrets out of prompts and logs.
- For a broader threat model and checklists, see [Security](/gateway/security).
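Review bot: the new bullet states which paths are accepted but not what happens to a skill root or `SKILL.md` whose resolved realpath falls outside the configured root; say whether such entries are skipped silently or reported, because a silently dropped skill is hard to debug and a warning is what tells the operator a symlink escape was attempted. Two caveats belong next to this line: the check covers symlinks that point outside the root only at discovery time (a symlink swapped after discovery is not re-checked unless the read path is validated again), and a realpath containment test must compare on a path-component boundary (`<root>/` rather than the bare `<root>` prefix), otherwise a sibling such as `<root>2` passes; the code change that accompanies this doc line should be confirmed on that point. Suggested wording, if the skip behaviour is accurate: "whose resolved realpath stays inside the configured root; entries that resolve outside it are skipped and logged."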