smolagents Agent.from_folder() Path Traversal → RCE
Tool names in agent.json are not validated. A ../ sequence in a tool name
causes a file outside the tools/ directory to be read and passed to exec().
Affected: smolagents/agents.py:1133-1135
# agent.json: {"tools": ["../evil"]}
# Reads: folder/tools/../evil.py = folder/evil.py (outside tools/)
# Then: exec(evil_code) → RCE
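
One way to reject such tool names before any file is read, as an added example that is not smolagents code. The helpers safe_tool_path and check_agent_folder, the name allow-list, and the folder contents are assumptions constructed for illustration.

```python
import json
import re
import tempfile
from pathlib import Path

# Hypothetical allow-list: a tool name must look like a plain Python identifier.
_TOOL_NAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def safe_tool_path(folder, tool_name):
    """Return the resolved path of tools/<tool_name>.py, or raise ValueError."""
    if not isinstance(tool_name, str) or not _TOOL_NAME_RE.fullmatch(tool_name):
        raise ValueError(f"invalid tool name: {tool_name!r}")
    tools_dir = (Path(folder) / "tools").resolve()
    candidate = (tools_dir / f"{tool_name}.py").resolve()
    # Second layer: after symlink resolution the file must still sit in tools/.
    if candidate.parent != tools_dir:
        raise ValueError(f"tool path escapes tools/: {tool_name!r}")
    return candidate


def check_agent_folder(folder):
    """Split the tool names in agent.json into (accepted paths, rejected names)."""
    config = json.loads((Path(folder) / "agent.json").read_text(encoding="utf-8"))
    accepted, rejected = [], []
    for name in config.get("tools", []):
        try:
            accepted.append(safe_tool_path(folder, name))
        except ValueError:
            rejected.append(name)
    return accepted, rejected


def demo():
    """Build a constructed agent folder and check it."""
    with tempfile.TemporaryDirectory() as tmp:
        folder = Path(tmp) / "agent"
        (folder / "tools").mkdir(parents=True)
        (folder / "tools" / "search.py").write_text("# constructed tool\n")
        (folder / "evil.py").write_text("# constructed file outside tools/\n")
        (folder / "agent.json").write_text(
            json.dumps({"tools": ["search", "../evil", "sub/../../evil"]})
        )
        accepted, rejected = check_agent_folder(folder)
        return [p.name for p in accepted], rejected


if __name__ == "__main__":
    print(demo())
```

The name check alone stops ../ sequences; the resolved-parent comparison additionally catches a symlink inside tools/ that points elsewhere.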