Check reference / Safety & Security

SAFETY-04 No shell-injection in `!` blocks

Safety & Security · 15% of the grade · deterministic · applies to skills · subagents · slash commands

Deterministic — runs on every scan, no LLM or network needed.

Why it matters

A !`…` dynamic-context block runs a real shell command before the model sees anything. Interpolating `$ARGUMENTS` or `$1` into it means whoever invokes the command controls part of a shell line — a `; rm -rf ~` in an argument gets executed, not read.

How to fix it

Keep !`…` blocks static and let the prompt body handle the arguments. If the command truly needs user input, validate and quote it first — never splice `$ARGUMENTS`, `$1..$9`, or `${…}` in raw.

Example

✗ flagged
!`git log --author=$ARGUMENTS`
✓ passes
!`git log --oneline -20`