AIKIDO-2026-10237

ai-rulez is vulnerable to Resource Leakage

Resource Leakage Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published Feb 25, 2026

43 - Medium Risk

This Affects:

ai-rulez (JS)
3.0.0 - 3.7.1
Fixed in 3.7.2

TL;DR

Affected versions of this package did not properly enforce frontmatter target restrictions when rendering Claude preset skills, causing rules and contextual content from unrelated .claude/skills/*/SKILL.md files to be embedded outside their intended scope. This could lead to unintended context leakage across skills, violating isolation boundaries and potentially exposing sensitive instructions or internal logic. An attacker with the ability to influence skill configuration or trigger cross-skill rendering could craft or reference malicious frontmatter targets to force inclusion of unrelated rule sets, thereby exfiltrating confidential prompts, bypassing guardrails, or manipulating downstream model behavior.

Who does this affect?

You are affected if you are using a version of ai-rulez that falls within the vulnerable range (3.0.0 - 3.7.1).

Background info

ai-rulez is vulnerable to Resource Leakage in versions 3.0.0 - 3.7.1.

How to fix this

Upgrade the ai-rulez library to the patched version, 3.7.2.