AI Threat Alert
PraisonAI CLI automatically resolves @url mentions in prompt text and
requires critical-level approval, read_skill_file has neither protection. An agent influenced by prompt injection can exfiltrate sensitive files without triggering any approval prompt
Apify Model Context Protocol (MCP) server: Domain Allowlist Bypass in
PraisonAIAgents: Path Traversal via Unvalidated Glob Pattern in list_files
PraisonAI: Coarse-Grained Tool Approval Cache Bypasses Per-Invocation Consent
from AI responses, triggering HTTP requests to arbitrary external URLs without restriction. Combined with prompt injection in a malicious workspace, an attacker could induce the AI agent to construct image
prefix check that did not append a trailing path separator. A model steered by prompt injection could supply a crafted path that resolved to a sibling directory sharing the memory
PraisonAI is a multi-agent teams system. Prior to 4.5.128
OpenClaw versions 2026.2.13 through 2026.3.24 contain an ANSI escape sequence injection vulnerability in approval prompts that allows attackers to spoof terminal output. Untrusted tool metadata can carry ANSI control sequences
Open WebUI: Sharing models for others to use (read permission
TaskWeaver has Protection Mechanism Failure and Server-Side Request Forgery
PraisonAI: Unauthenticated Information Disclosure of Agent Instructions via /api/agents in
wireshark-mcp vulnerable to arbitrary file write via export_objects
OpenClaw: Agent gateway config mutations could change protected operator settings
openclaw-claude-bridge: sandbox is not effective - `--allowed-tools ""` does
Text Prompter – Unlimited chatgpt text prompts for openai tasks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'text_prompter' shortcode in all versions
Open WebUI: Cross-user file disclosure via /api/chat/completions image_url
vLLM Vulnerable to Remote DoS via Special-Token Placeholders
@rtk-ai/rtk-rewrite transparently rewrites shell commands executed via OpenClaw