Spdc-Elm

**Name of the Vulnerable Software and Affected Versions** automagik-genie version 2.5.27 **Description** Command injection allows attackers to execute arbitrary commands through the 'view task' (also known as 'view') within the `readTranscriptFromCommit()` function located in 'dist/mcp/server.js'. This occurs when a user reads from an external `FORGE BASE URL`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.