SkyworkAI DeepResearchAgent OS Command Injection Vulnerability
Vulnerability
A critical OS command injection vulnerability has been identified in SkyworkAI DeepResearchAgent in versions prior to commit 08eb7f8eb9505d0094d75bb97ff7dacc3fa3bbf2. The issue lies in the 'from_code', 'from_dict' and 'from_mcp' functions in 'src/tools/tools.py', where user-controlled input is not properly validated before being executed as a system command. The flaw can be exploited remotely, and public proof-of-concept exploits are available.
Impact
Exploitation of this vulnerability allows arbitrary code execution on the server where DeepResearchAgent is running, with the same privileges as the application process.
Reproduction
The vulnerability is reproduced by loading a tool definition from an external source that contains maliciously crafted input. The application executes that input without any sanitization, resulting in OS command injection. The public exploit available on GitHub demonstrates the issue.
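The following is an added illustration, not DeepResearchAgent's own code, of the validation the advisory says is missing in the tool loaders: an externally supplied tool definition is checked against an executable allowlist and strict name and argument patterns before anything from it could reach a process launch, and no shell is ever involved. The dict layout, function names and allowlist are assumptions, not the project's API.

```python
"""Constructed hardened tool loader (illustration, not DeepResearchAgent code)."""
import re
from typing import Mapping, Sequence

# Assumption: only these executables may ever be launched by a loaded tool.
ALLOWED_EXECUTABLES = {"python3", "curl"}
# Conservative character classes: whitespace and shell metacharacters
# (; | & $ ` > < ' ") are not in either class, so they are rejected outright.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")
SAFE_ARG = re.compile(r"^[A-Za-z0-9_./:=@,-]{1,256}$")


class UnsafeToolDefinition(ValueError):
    """Raised when an externally loaded tool definition fails validation."""


def validate_tool_dict(spec: Mapping) -> list[str]:
    """Return the argv a tool definition would run, or raise UnsafeToolDefinition.

    `spec` uses a constructed shape: {"name": str, "executable": str, "args": [str]}.
    """
    name = spec.get("name", "")
    if not isinstance(name, str) or not SAFE_NAME.match(name):
        raise UnsafeToolDefinition(f"bad tool name: {name!r}")
    exe = spec.get("executable", "")
    if exe not in ALLOWED_EXECUTABLES:
        raise UnsafeToolDefinition(f"executable not allow-listed: {exe!r}")
    args = spec.get("args", [])
    if isinstance(args, str) or not isinstance(args, Sequence):
        raise UnsafeToolDefinition("args must be a list of strings")
    for arg in args:
        if not isinstance(arg, str) or not SAFE_ARG.match(arg):
            raise UnsafeToolDefinition(f"rejected argument: {arg!r}")
    # Returned as an argv list: the caller must pass it to subprocess.run with
    # shell=False so the strings are never re-parsed by a shell.
    return [exe, *args]


def is_safe_tool_dict(spec: Mapping) -> bool:
    """Boolean form of the check, convenient for filtering a batch of definitions."""
    try:
        validate_tool_dict(spec)
    except UnsafeToolDefinition:
        return False
    return True
```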