Kimi Agent SDK Command Injection Vulnerability in Publish Scripts

Vulnerability

A command injection vulnerability has been identified in the Kimi Agent SDK, specifically in the vsix-publish.js and ovsx-publish.js scripts. These scripts build a shell command string that includes the .vsix filename and pass it to execSync(), so the filename is parsed by a shell. Prior to version 0.1.6, a filename containing shell metacharacters, such as $(cmd), could therefore be used to execute arbitrary commands. Note that this vulnerability exists only in the development scripts of the repository: the published VSCode extension does not include these files, so end users are not affected.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the system where the publish scripts are run.

Remediation

Users can upgrade to Kimi Agent SDK version 0.1.6 or later, where this vulnerability has been fixed by replacing execSync with execFileSync, which receives the program and its arguments as an array, so no shell interprets the filename. As an alternative, ensure that .vsix files in the project directory have safe filenames before executing the publish scripts.

Added: Jan 29, 2026, 10:23 PM
Updated: Jan 29, 2026, 10:23 PM

Vulnerability Rating (Custom Algorithm)

  Category          Score
  spread            0.0
  impact            2.5
  exploitability    2.6
  remediation       0.0
  relevance         2.5
  threat            0.0
  urgency           2.9
  incentive         0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.