Agents
Agent SkillSlip: Path Traversal Vulnerability Affects Gemini CLI, Claude Code, and Vercel add-skill Installers
Security researcher Aonan Guan disclosed Agent SkillSlip — a class of path traversal vulnerabilities where the 'name' field in skill metadata is passed to path.join() without validation, enabling VS Code hijacking and SSH key injection invisible to the user. An attacker-controlled skillName like '../../.vscode' writes to project directories instead of the intended skills folder. Vercel patched in add-skill v1.0.21+; Gemini CLI remains unpatched as of v0.34.0-nightly. Google acknowledged the report but has not confirmed whether they will patch.
↳ Follow the thread