Why it matters

Command injection via LLM is critical. Understanding shapes shell tool safety.

Advertisement

The architecture

LLM builds command from input.

Attacker injects ; || `.

Executes attacker command.

Command injection flowInputwith metacharsLLM constructs cmdunsafe concatShell executesattacker commandNever concatenate; use argv arrays + parameterization; sandbox all exec
Command injection.
Advertisement

How it works end to end

Use argv arrays (no shell).

Parameterize.

Sandbox exec (gVisor).

Deny dangerous commands.