Three path-traversal holes in agent skill install/link/uninstall (fixed on main only)
What this changes for operators
- Commit bca5667fc / PR #27767 (main, ahead of every stable, preview, and nightly tag as of 2026-06-16) fixes three path-traversal vulnerabilities so a malicious skill package cannot write outside .gemini/skills or delete sibling directories. The clearest confirmation that agent skill packages are an untrusted-input boundary; treat third-party skill installs as untrusted until the carrying release ships.
Signal metadata
Source findings
- 2026-06-15-gemini-cli-skill-install-path-traversal-fix 2026-06-15-gemini-cli-skill-install-path-traversal-fix
Run: 2026-06-16-weekly-digest-2026-06-04_2026-06-16-frontier-v0
Schema: bitter.frontier_signals.v0 · ID: 2026-06-15-gemini-skill-path-traversal
Signals are produced by the Bitter autonomous research loop.