Threat Advisory

skillctl Vulnerability Allows Arbitrary File Exfiltration

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High

EXECUTIVE SUMMARY:

CVE-2026-00001 (CVSS score 7.1) is a path-traversal and symlink-follow vulnerability in the Rust-based skillctl package, affecting all versions prior to 0.1.2. The flaw resides in the handling of skill folders, the .skills.toml configuration file, and the detect command.

An attacker can craft a malicious skills library that includes a symlink (e.g., niania → /home/user/.aws/credentials). The symlink bypasses the directory check in fs_util::copy_dir_all, so fs::copy reads the target file and embeds its contents into the project; a subsequent skillctl push would then publish the secret to a public library.

Similarly, by submitting a .skills.toml with an absolute destination or source_path (e.g., "/home/user/.ssh") or one using ".." components, the attacker can cause Path::join to resolve outside the project root, leading downstream remove_dir_all calls to delete arbitrary writable directories during skillctl pull/push/detect.

Exploitation requires the victim to execute skillctl commands on a machine where they have write access to the project, and the attacker to have their malicious skill library merged via a pull request. Successful exploitation can result in credential exfiltration, unauthorized data deletion, and potential compliance breaches, especially if sensitive configuration files are exposed or critical directories are erased. Prerequisites include the victim running vulnerable skillctl commands and the attacker's ability to deliver crafted skill assets or configuration files.
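As an added illustration (not skillctl's own code or its actual patch), the Rust sketch below shows the two defensive checks the summary points to: rejecting absolute and ".." components before a configured path is joined onto the project root, and refusing symlinks during a recursive copy. The names safe_join and copy_dir_no_symlinks and the sample paths are assumptions made for this example.

```rust
use std::{fs, io};
use std::path::{Component, Path, PathBuf};

/// Join a path from untrusted config onto `root`, accepting only plain relative
/// components. Raw `Path::join` lets an absolute `rel` replace `root` entirely.
fn safe_join(root: &Path, rel: &str) -> Result<PathBuf, String> {
    let mut out = root.to_path_buf();
    let mut depth = 0;
    for comp in Path::new(rel).components() {
        match comp {
            Component::Normal(part) => { out.push(part); depth += 1; }
            Component::CurDir => {}
            other => return Err(format!("rejected component {:?} in {:?}", other, rel)),
        }
    }
    if depth == 0 { return Err(format!("empty path {:?}", rel)); }
    Ok(out)
}

/// Recursive copy that inspects each entry with `symlink_metadata`
/// (which does not follow links) and refuses symlinks outright.
fn copy_dir_no_symlinks(src: &Path, dst: &Path) -> io::Result<()> {
    fs::create_dir_all(dst)?;
    for entry in fs::read_dir(src)? {
        let entry = entry?;
        let from = entry.path();
        let to = dst.join(entry.file_name());
        let kind = fs::symlink_metadata(&from)?.file_type();
        if kind.is_symlink() {
            return Err(io::Error::new(io::ErrorKind::InvalidInput,
                format!("symlink not allowed: {}", from.display())));
        } else if kind.is_dir() {
            copy_dir_no_symlinks(&from, &to)?;
        } else {
            fs::copy(&from, &to)?;
        }
    }
    Ok(())
}

fn main() -> io::Result<()> {
    let root = Path::new("/work/project"); // constructed sample project root
    for rel in ["skills/lint", "/home/user/.ssh", "../../etc", "a/../../b"] {
        println!("{:>18} -> {:?}", rel, safe_join(root, rel));
    }
    let args: Vec<String> = std::env::args().collect();
    if let [_, src, dst] = args.as_slice() { copy_dir_no_symlinks(Path::new(src), Path::new(dst))?; }
    Ok(())
}
```

Run without arguments it prints the verdict for each constructed sample path; given a source and destination directory it performs the symlink-refusing copy.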

RECOMMENDATION:

  • We recommend updating skillctl to version 0.1.2.

REFERENCES:

The following report contains further technical details:
https://github.com/advisories/GHSA-wx3m-whqv-xv47