What happened
PraisonAI (pip package praisonaiagents) before 1.6.78 automatically loads defaults from a project-local .praisonai/config.toml when constructing an Agent, without validating the defaults.output.output_file path. A repository-controlled config file can set output_file to an absolute or '../' traversal path, which is used when the developer calls agent.start().
Why it matters
An attacker who can influence a repository's config file (e.g., via a malicious PR or supply-chain contribution) can cause a PraisonAI agent to write output to arbitrary filesystem locations outside the intended project directory when the victim developer runs the agent.
Attack vector
Malicious .praisonai/config.toml in a repository sets output_file to an absolute or traversal path, exploited when a developer runs agent.start()
Affected systems
PraisonAI (pip package praisonaiagents) < 1.6.78
Mitigation
Upgrade to PraisonAI ≥1.6.78; review repository-local config files before running agents against untrusted repos