Path Traversal
github.com/eat-pray-ai/yutu is vulnerable to Path Traversal. The vulnerability is due to the caption-download MCP tool passing a caller-controlled file path directly to os.Create without path validation, canonicalization, or restriction to the YUTUROOT directory, which allows an attacker to write...