skills is vulnerable to Command Injection
88
High Risk
The skills CLI clones skill repositories by passing user-influenced source URLs directly to git through cloneRepo in src/git.ts. A source URL that uses git's ext:: transport (for example ext::sh -c <command>) makes git run an arbitrary command as a remote helper, so a crafted skills add argument or a skills-lock.json source entry executes attacker-controlled commands during install or update. On Windows the update path additionally spawned the installer through a shell, letting metacharacters in lock-file source or ref fields inject further commands. The fix rejects ext:: transport URLs before invoking git and stops spawning skill updates through a shell.
You are affected if you are using a version that falls within the vulnerable range and install or update skills from an untrusted source URL or skills-lock.json.
skills is vulnerable to Command Injection in versions 1.1.0 - 1.5.15.
Upgrade the skills library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

I consent to receiving marketing communications based on Aikido’s Privacy Policy.
SOC 2Compliant
ISO 27001Compliant