I just opened 3 security issues on two of the most popular AI agent frameworks on GitHub (combined 110K+ stars).

The Issues

microsoft/autogen#7917: Docker code executor mounts host filesystem into sandboxed containers without trust boundary validation — container escape vector.

microsoft/autogen#7918: Agent self-modification patterns in Canvas memory module — agents can alter their own operating constraints during execution.

run-llama/llama_index#22245: 441 instances of unbounded recursive agent execution across 2,951 files — systemic resource exhaustion risk.