{
  "version": "1.0",
  "type": "repository",
  "interval": "day",
  "date": "2026-04-17",
  "generatedAt": "2026-05-13T23:41:49.578Z",
  "sourceLastUpdated": "2026-05-13T23:41:49.578Z",
  "contentFormat": "markdown",
  "contentHash": "ee33e5461fd6d7ee71d01a213a9ff83c26cde732a3c62c9ad2512729e41a235d",
  "entity": {
    "repoId": "elizaos-plugins/plugin-evm",
    "owner": "elizaos-plugins",
    "repo": "plugin-evm"
  },
  "content": "# elizaos-plugins/plugin-evm Daily Update (Apr 17, 2026)\n\n## OVERVIEW \nDevelopment on April 17, 2026, focused on expanding network support and resolving security vulnerabilities within the broader framework. A new pull request was opened to integrate the Radius Network, while critical security patches for command injection and sandbox escapes were successfully implemented and closed.\n\n## KEY TECHNICAL DEVELOPMENTS\n*   **Network Integration**\n    *   Initiated support for the Radius Network (eip155:723487) via [#29](https://github.com/elizaos-plugins/plugin-evm/pull/29).\n\n## NEWLY OPENED PULL REQUESTS\n*   [#29](https://github.com/elizaos-plugins/plugin-evm/pull/29): feat: add Radius Network support (eip155:723487). Status: Open.\n\n## CLOSED ISSUES\n*   **Security Vulnerability Patches**\n    *   Resolved command injection risks in window management functions by implementing strict `windowId` validation [#6766](https://github.com/elizaos-plugins/plugin-evm/issues/6766).\n    *   Fixed a sandbox escape vulnerability related to `new Function()` prototype chain access in the browser workspace environment [#6767](https://github.com/elizaos-plugins/plugin-evm/issues/6767).\n*   **Release Workflow Cleanup**\n    *   Closed multiple automated issue reports regarding failed alpha releases, as these were identified as noise to be handled by future workflow adjustments [#6776](https://github.com/elizaos-plugins/plugin-evm/issues/6776), [#6777](https://github.com/elizaos-plugins/plugin-evm/issues/6777), [#6794](https://github.com/elizaos-plugins/plugin-evm/issues/6794), [#6797](https://github.com/elizaos-plugins/plugin-evm/issues/6797), [#6798](https://github.com/elizaos-plugins/plugin-evm/issues/6798).\n\n## NEW ISSUES\n*   None.\n\n## ACTIVE ISSUES\n*   [#6766](https://github.com/elizaos-plugins/plugin-evm/issues/6766): Addressed command injection via unsanitized `windowId`. The fix involved implementing `validateWindowId()` using regex to ensure only valid IDs are processed, alongside proper escaping for window titles in AppleScript and PowerShell.\n*   [#6767](https://github.com/elizaos-plugins/plugin-evm/issues/6767): Addressed sandbox escape via `new Function()`. The fix explicitly blocks `eval` in the JSDOM path and clarifies that the desktop browser workspace executes within a separate tab context, mitigating the risk of host process access."
}