command-injection-anti-pattern


Command Injection Anti-Pattern

Severity: Critical

Summary

Command injection lets attackers execute arbitrary OS commands by manipulating user input. The anti-pattern occurs when an application concatenates user input into a shell command string, and it is common in AI-generated code. It enables complete system compromise, data exfiltration, malware installation, and lateral movement.

The Anti-Pattern

User input embedded in shell command strings enables command injection. The shell cannot distinguish between intended commands and attacker-injected commands.

BAD Code Example

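# VULNERABLE: Shell command with user input
import os

def ping_host(hostname):
    # The source is cut off after the signature; the line below is an assumed
    # completion showing the concatenation pattern described above.
    os.system("ping -c 4 " + hostname)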
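The hardened counterpart to the `ping_host` pattern above, as an added example that is not part of the original skill page. It assumes a Unix-like `ping` that accepts `-c`; the function names and the hostname allow-list are hypothetical choices made for illustration.

```python
import re
import shlex
import subprocess

# Conservative allow-list for hostnames and IPv4 literals, max 253 characters.
# Assumption for this example: no IPv6 literals and no internationalized names.
_HOST_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")


def shell_tokens(hostname):
    """Approximate how a POSIX shell would split the concatenated string."""
    command = "ping -c 4 " + hostname  # the anti-pattern: built here, never run
    return list(shlex.shlex(command, posix=True, punctuation_chars=True))


def build_ping_argv(hostname):
    """Validate the hostname and return an argument vector for ping."""
    if not isinstance(hostname, str) or not _HOST_RE.fullmatch(hostname):
        raise ValueError("invalid hostname: %r" % (hostname,))
    # "--" ends option parsing, so the value can never be read as a flag.
    return ["ping", "-c", "4", "--", hostname]


def ping_host_safe(hostname, timeout=10):
    """Run ping with no shell in between; True if the host answered."""
    argv = build_ping_argv(hostname)
    result = subprocess.run(argv, shell=False, capture_output=True,
                            timeout=timeout)
    return result.returncode == 0


if __name__ == "__main__":
    # Constructed sample inputs: one benign, one with a shell separator,
    # one that would be read as an option.
    for value in ["example.com", "example.com; echo INJECTED", "-f"]:
        print(repr(value), "-> shell would see:", shell_tokens(value))
        try:
            print("   argv:", build_ping_argv(value))
        except ValueError as exc:
            print("   rejected:", exc)
```

Validation and the argument list are independent layers: even if the allow-list were loosened, passing a list with `shell=False` means the value reaches `ping` as a single argument and is never parsed by a shell.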
First Seen
Jan 20, 2026