torrentclaw/torrentclaw-skill
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(security): use --data-urlencode in SKILL.md curl commands
Some checks failed
CI / Lint commits (push) Failing after 0s
Details
CI / Lint shell scripts (push) Failing after 1s
Details
CI / Security patterns check (push) Failing after 1s
Details

Browse source
This commit is contained in:
Deivid Soto 2026-02-16 11:44:34 +01:00
parent d3d6c702ed
commit 42cf17d5a8
2 changed files with 45 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

9
CHANGELOG.md
View file

@ -2,6 +2,15 @@
All notable changes to this project will be documented in this file.
## [0.1.17] - 2026-02-16
### Security
- Fix shell injection vulnerability in SKILL.md curl search commands
- Replace direct URL interpolation with `curl -G --data-urlencode` for all user-supplied query parameters
- Add explicit instruction to never interpolate user input directly into URL strings
- Update all curl examples (search, episode, common patterns, auth) to use safe parameter encoding
## [0.1.16] - 2026-02-14
### Security