CVE-2026-47393: AI Agent Uncontained File Operation
greprules fetch cve-2026-47393-ai-agent-uncontained-file-operation --engine opengrep

Description
AI agent tools (classes with Tool, Skill, or Agent in the name) are exposing file operations via static methods. This typically indicates a lack of per-agent workspace or sandbox containment, making the application vulnerable to path traversal and arbitrary file manipulation by the LLM. Implement these as instance methods and enforce instance-bound workspace
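The pattern the rule describes, shown as an added example (not code from the greprules page or the opengrep rule itself): a Tool class that exposes a file read as a static method, beside the same operation as an instance method bound to a workspace root fixed at construction time. The class names, method names, and the throwaway directory layout are illustrative assumptions.

```python
"""Added example (not part of the greprules rule page or the opengrep rule):
the flagged pattern and its instance-bound counterpart side by side.
Class and method names are illustrative assumptions."""
from __future__ import annotations

import os
import tempfile
from pathlib import Path


class FileReadTool:
    """VULNERABLE (what the rule flags): a Tool class exposing a file
    operation as a static method. With no instance there is no per-agent
    workspace to confine the path to; whatever path the LLM emits is opened
    as-is, including '../' traversal or an absolute path."""

    @staticmethod
    def read_file(path: str) -> str:
        with open(path, "r", encoding="utf-8") as fh:
            return fh.read()


class WorkspaceFileReadTool:
    """HARDENED: the same operation as an instance method bound to a
    workspace root chosen by the host application, not by the model."""

    def __init__(self, workspace: str | os.PathLike[str]) -> None:
        self._root = Path(workspace).resolve(strict=True)

    def _contain(self, user_path: str) -> Path:
        """Resolve a model-supplied path and reject anything that escapes the
        workspace. resolve() follows symlinks, so a link pointing outside the
        root is rejected too, not only literal '..' segments."""
        candidate = (self._root / user_path).resolve()
        if not candidate.is_relative_to(self._root):  # Python 3.9+
            raise PermissionError(f"path escapes workspace: {user_path!r}")
        return candidate

    def read_file(self, path: str) -> str:
        with open(self._contain(path), "r", encoding="utf-8") as fh:
            return fh.read()


def demo() -> dict[str, object]:
    """Build a constructed workspace plus a secret file outside it, then feed
    the same traversal input to both tools and report what each did."""
    base = Path(tempfile.mkdtemp())
    workspace = base / "agent-workspace"
    workspace.mkdir()
    (workspace / "notes.txt").write_text("in-workspace content")
    secret = base / "secret.txt"
    secret.write_text("outside-workspace secret")

    traversal = "../secret.txt"

    # The static tool has no root of its own, so the traversal is anchored at
    # the workspace here only to make the two calls comparable.
    static_result = FileReadTool.read_file(str(workspace / traversal))

    contained = WorkspaceFileReadTool(workspace)
    ok_result = contained.read_file("notes.txt")
    try:
        contained.read_file(traversal)
        traversal_blocked = False
    except PermissionError:
        traversal_blocked = True
    try:
        contained.read_file(str(secret))  # absolute path supplied by the model
        absolute_blocked = False
    except PermissionError:
        absolute_blocked = True

    return {
        "static_read_secret": static_result,
        "contained_read_notes": ok_result,
        "traversal_blocked": traversal_blocked,
        "absolute_blocked": absolute_blocked,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The containment check resolves the joined path first and only then compares it against the resolved root, which is what turns "instance-bound workspace" into an enforceable boundary rather than a naming convention; the static variant has nowhere to hold that root, which is why the rule treats the static method itself as the signal.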
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided