Check reference / Safety & Security
SAFETY-04 No shell-injection in `!` blocks
Deterministic — runs on every scan, no LLM or network needed.
Why it matters
A !`…` dynamic-context block runs a real shell command before the model sees anything. Interpolating `$ARGUMENTS` or `$1` into it means whoever invokes the command controls part of a shell line — a `; rm -rf ~` in an argument gets executed, not read.
How to fix it
Keep !`…` blocks static and let the prompt body handle the arguments. If the command truly needs user input, validate and quote it first — never splice `$ARGUMENTS`, `$1..$9`, or `${…}` in raw.
Example
✗ flagged
!`git log --author=$ARGUMENTS`✓ passes
!`git log --oneline -20`