Arbitrary Code Injection
Langroid is vulnerable to Arbitrary Code Injection. The vulnerability is due to improper sandboxing of Python eval that fails to remove builtins, which allows an attacker to execute arbitrary operating system commands through crafted LLM-generated tool messages...