🟠 high - security
File: pkg/tools/builtin/shell.go (line 159)
Code
cmd := exec.Command(h.shell, append(h.shellArgsPrefix, command)...)
Problem
The shell tool executes arbitrary commands provided by the agent without validation when not in sandbox mode. While this may be intentional functionality, it poses a significant security risk if the agent is compromised or receives malicious input. Commands are executed with the privileges of the cagent process.
Suggested Fix
Enforce sandbox mode by default for production deployments. Add configuration options to restrict allowed commands or require explicit user approval for dangerous operations. Consider implementing command pattern matching to block potentially dangerous operations (rm -rf, dd, etc.).
Found by nightly codebase scan