You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Loading the tokens from an alternative file format such as JSON would be safer, given the intended use-case of an agent that can write to the file system. In theory someone using goex with their agent could be prompt injected and the agent could try to overwrite the token.pickle file with an arbitrary python code (unless properly sandboxed).
The text was updated successfully, but these errors were encountered:
Note that pickle is not secure (see https://docs.python.org/3/library/pickle.html) and can lead to remote code execution:
gorilla/goex/function/slack_read_messages.py
Line 13 in a3e7b2c
Loading the tokens from an alternative file format such as JSON would be safer, given the intended use-case of an agent that can write to the file system. In theory someone using goex with their agent could be prompt injected and the agent could try to overwrite the token.pickle file with an arbitrary python code (unless properly sandboxed).
The text was updated successfully, but these errors were encountered: