There is a bug in Generic Worker which occurs when a task payload specifies an absolute path to an artifact, or an absolute path to a file or directory inside a mount. Instead of respecting the provided path, Generic Worker effectively strips any leading slash and then evaluates the path as a relative path from the task directory. This is due to it internally using go's filepath.Join function which has this behaviour:

filepath.Join(<task directory>, <provided path>)

Instead, Generic Worker should first check if the provided path is absolute, and only join it to the task directory if it is not.

Note absolute paths are useful for e.g. mounting under /usr/local/bin or e.g. publishing artifacts from files inside /var/log and since mounting/publishing artifacts is performed as task user, there is no reason to forbid absolute file locations. The OS already limits where the (unprivileged) task user can read/write, and the task commands also are not subject to such restrictions.

Of course relative paths are still supported, and are expected for files inside the task directory (since task author cannot predict what the task directory path will be), and paths are allowed to start with e.g. ../ if really desired, since they do not pose any additional security risk.