The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The generated code for both RedisCachePool and FileCachePool in references/templates.md utilizes the PHP unserialize() function to process data retrieved from the cache storage. This is a well-known vulnerability surface for PHP Object Injection, which can allow an attacker who gains access to the underlying storage (Redis or the local file system) to execute arbitrary code within the context of the application.\n- [COMMAND_EXECUTION]: The FileCachePool implementation in references/templates.md includes logic in its constructor to create a cache directory using mkdir($directory, 0777, true). Setting permissions to 0777 makes the directory world-writable, which is a significant security risk on multi-user systems as it allows any user to modify or delete the cached data, potentially leading to privilege escalation or data tampering.

create-psr6-cache