spawn

vrr/spawn

mirror of https://github.com/OpenRouterTeam/spawn.git synced 2026-05-07 17:31:04 +00:00

History

A cc23013e7c fix: validate MODEL_ID from environment to prevent command injection (#548 ) The get_model_id_interactive function returned MODEL_ID from env vars without calling validate_model_id, bypassing the allowlist check. Also migrated 13 legacy scripts from raw safe_read to get_model_id_interactive which includes validation. Agent: security-auditor Co-authored-by: A <6723574+louisgv@users.noreply.github.com> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-02-11 15:41:10 -08:00
..
common.sh	fix: validate MODEL_ID from environment to prevent command injection (#548 )	2026-02-11 15:41:10 -08:00

fix: validate MODEL_ID from environment to prevent command injection (#548 )

The get_model_id_interactive function returned MODEL_ID from env vars
without calling validate_model_id, bypassing the allowlist check. Also
migrated 13 legacy scripts from raw safe_read to get_model_id_interactive
which includes validation.

Agent: security-auditor

Co-authored-by: A <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-02-11 15:41:10 -08:00

common.sh

fix: validate MODEL_ID from environment to prevent command injection (#548 )

2026-02-11 15:41:10 -08:00