Why it matters
Command injection via LLM is critical. Understanding shapes shell tool safety.
Advertisement
The architecture
LLM builds command from input.
Attacker injects ; || `.
Executes attacker command.
Advertisement
How it works end to end
Use argv arrays (no shell).
Parameterize.
Sandbox exec (gVisor).
Deny dangerous commands.