Tag
PraisonAI versions prior to 4.5.121 are vulnerable to OS command injection, allowing attackers to execute arbitrary shell commands via user-controlled input in agent workflows, YAML definitions, and LLM-generated tool calls.