GHSA-cfcj-hqpf-hccf (GitHub Advisory Database)
Severity: High (CVSS 8.8)
@evomap/evolver: Path Traversal in `evolver fetch` default-branch `safeId` allows Hub-controlled overwrite of project files (RCE)
Published May 5, 2026
Summary
The `evolver fetch` subcommand in `index.js` writes Hub-supplied `bundled_files[]` into a directory derived from a Hub-supplied `skill_id`. When `--out` is not used, the path-sanitizing regex permits `.` characters, so a `skill_id` of `..` escapes the `skills/` subdirectory and resolves to the user's current working directory. Combined with the file-extension allow-list (which includes `.js`/`.json`/`.sh`/`.py`/`.md`), this lets a malicious Hub overwrite the victim's `index.js`, `package.json`, or other files in the cwd, achieving remote code execution on the next invocation of the evolver.
Details
The vulnerable code is in the fetch command handler:
```javascript
// index.js:847-873
const data = await resp.json();
const outFlag = args.find(a => typeof a === 'string' && a.startsWith('--out='));
// Hub-controlled skill_id: the character class keeps '.', so a value of
// '..' passes through the sanitizer unchanged.
const safeId = String(data.skill_id || skillId).replace(/[^a-zA-Z0-9_\-\.]/g, '_');
let outDir;
if (outFlag) {
  const rawOut = outFlag.slice('--out='.length);
  // ...
  // Containment check applied only when --out is given; the default
  // branch (skills/<safeId>) has no equivalent check.
  const resolvedOut = path.resolve(process.cwd(), rawOut);
  const cwd = path.resolve(process.cwd());
  const rel = path.relative(cwd, resolvedOut);
  if (rel.startsWith('..') || path.isAbsolute(rel)) { //
```
Affected AI Products: a2a