You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
fix(mastracode-web): validate setup commands and document their trust model
Address the security-scan finding on setupCommand execution: reject
control characters (except newline/tab) at the settings route so escape
sequences and NULs can't reach the sandbox shell or spoof logs, and
document why arbitrary shell is intentional — the command is only
configurable by authenticated org members and runs exclusively inside
the project's isolated sandbox, the same environment where org members
already run arbitrary shell through the agent.
Co-Authored-By: Mastra Code (anthropic/claude-fable-5) <noreply@mastra.ai>
0 commit comments