Key Information

Vulnerability Description

Vulnerability Type: CWE-94 Code Injection
Affected Function:
Issue: This function directly executes user-provided string code using the function. Since runs code within a defined namespace that includes several critical libraries (such as , , , etc.), attackers can exploit these libraries to perform unauthorized operations, such as reading sensitive files, modifying system configurations, or executing malicious network activities.

Exploitation Method

Example Code:
Explanation: Attackers use the library's function to read the file, convert its contents into a tab-separated string, and store it in the variable. When the function runs the provided code, attackers can retrieve the contents of via the return value, thereby gaining access to sensitive system information.

Impact Scope

Affected Versions: All code versions from onwards, ranging from v0.1.0 to v0.1.4.
Latest Main Branch: Also affected by this vulnerability.

Mitigation Measures

Current Status: No plans to fix
Temporary Workaround: Some workarounds have been added in #502, but a full fix will not be implemented, as the repository is intended to run in a Docker environment, which significantly reduces potential security risks.
Documentation Update: A SECURITY section has been added to the README to more clearly inform users about this issue.
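
For auditing a code base for the pattern described above (a string executed as code inside a namespace that carries whole libraries), the following check is an added example and not code from the affected project. It assumes the code is Python and that the sink is an `exec()`/`eval()`-style builtin, which this page does not name; `find_dynamic_exec` and the sample source are constructed for illustration.

```python
import ast

# Builtins that run a string as code (assumed sinks; the page does not name one).
SINKS = {"exec", "eval"}

def find_dynamic_exec(source, filename="<constructed>"):
    """Return one finding per exec()/eval() call whose code argument is not a literal.

    Each finding is (line, sink, exposed). `exposed` lists the names handed to the
    executed code when the globals argument is a dict literal, or None when the
    namespace cannot be determined statically.
    """
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in SINKS and node.args):
            continue
        if isinstance(node.args[0], ast.Constant):
            continue  # fixed string: the caller cannot influence what runs
        exposed = None
        if len(node.args) > 1 and isinstance(node.args[1], ast.Dict):
            exposed = sorted(k.value for k in node.args[1].keys
                             if isinstance(k, ast.Constant) and isinstance(k.value, str))
        findings.append((node.lineno, node.func.id, exposed))
    return sorted(findings, key=lambda f: f[0])

# Constructed sample, not the affected project's code: a helper that runs a
# caller-supplied string in a namespace that includes library modules.
SAMPLE = '''
import os, json

def run_snippet(code):
    ns = {}
    exec(code, {"os": os, "json": json, "result": None}, ns)
    return ns.get("result")

def run_fixed():
    exec("x = 1")

def calc(expr, env):
    return eval(expr, env)
'''

if __name__ == "__main__":
    for line, sink, exposed in find_dynamic_exec(SAMPLE):
        print(f"line {line}: {sink}() on non-literal code, namespace exposes {exposed}")
```

The check matches only direct calls by name, so aliased or attribute-based calls such as `builtins.exec` need a separate pass. A finding with a `None` namespace should be treated as exposing everything reachable from the caller's scope.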