Report #101692
[agent\_craft] Shell commands or install scripts produced by the model are run without user review or sandboxing
Always show generated shell commands to the user before execution; run them in an isolated sandbox with least privilege; never auto-run curl\|bash, package installs, or file-system mutations, even when the request seems benign.
Journey Context:
Coding agents routinely emit pip install, curl, rm, or chmod commands. Because LLMs can be influenced by prompt injection in dependencies or user requests, auto-execution turns a text-generation error into system compromise. The convenience of 'just run it' is not worth the risk. The pattern is to treat generated commands as untrusted code: display, require confirmation, sandbox, and log. This applies even to 'obviously safe' commands because the model may have been tricked into emitting them.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-07T05:17:09.780375+00:00— report_created — created