This release includes 1 security fix for security teams reviewing exposed deployments.
Summary
AI summary: Fixed arbitrary workspacePath read/write/delete vulnerability.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Security | Medium | Fixes arbitrary workspacePath read/write/delete vulnerability. Source: llm_adapter@2026-05-25. Confidence: low. | — |
| Security | Medium | Restricts filesystem operations to trusted workspace roots, fixing arbitrary read/write/delete vulnerability. Source: granite4.1:30b@2026-05-25-audit. Confidence: low. | — |
| Feature | Medium | Adds duplicate skill disambiguation with source-aware flows. Source: llm_adapter@2026-05-25. Confidence: high. | — |
| Dependency | Medium | Updates dependency versions to remove known production audit issues. Source: llm_adapter@2026-05-25. Confidence: high. | — |
| Performance | Medium | Adds bounded timeouts and safer raw-content URL handling for GitHub API and content fetches. Source: llm_adapter@2026-05-25. Confidence: high. | — |
| Bugfix | Medium | Prevents install/localize/uninstall from selecting first partial match when multiple skills match. Source: llm_adapter@2026-05-25. Confidence: high. | — |
| Bugfix | Medium | Prevents silent overwrite when same skill name is installed from different source. Source: llm_adapter@2026-05-25. Confidence: high. | — |
| Bugfix | Medium | Preserves manual AGENTS.md content while updating only managed installed-skills section. Source: llm_adapter@2026-05-25. Confidence: low. | — |
| Refactor | Medium | Tightens addSource repository URL validation to accept only repository roots and enables forceConsistentCasingInFileNames in TypeScript config. Source: llm_adapter@2026-05-25. Confidence: low. | — |
Full changelog
Changelog
0.1.1
- Fixed arbitrary workspacePath read/write/delete by restricting filesystem operations to trusted workspace roots.
- Added duplicate skill disambiguation with source-aware search, recommend, install, and localize flows.
- Stopped install, localize, and uninstall flows from choosing the first partial match when multiple different skill names match a query.
- Prevented silent overwrite when the same skill name is installed from a different source.
- Preserved manual AGENTS.md content while updating only the managed installed-skills section.
- Added bounded timeouts and safer raw-content URL handling for GitHub API and content fetches.
- Tightened addSource repository URL validation to accept only repository roots and enabled forceConsistentCasingInFileNames in TypeScript config.
- Updated dependency versions to remove known production audit issues.
- Synchronized English and Japanese documentation with security and duplicate-skill behavior.
Security Fixes
- Fixed arbitrary workspacePath read/write/delete by restricting filesystem operations to trusted workspace roots
About aktsmm/skill-ninja-mcp-server
Agent Skill Ninja for MCP: Search, install, and manage AI agent skills (SKILL.md files) from GitHub repositories. Features workspace analysis for personalized recommendations and supports 140+ pre-indexed skills.