Build a Command Security Pipeline for Your Agent
Agent QA & Security
120-180 minutes0/4 steps0%
Step 4 of 4
Order by severity and regression-test with an attack corpus
The most severe finding must win, and stay winning.
First time here? Paste the Context Pack first so the AI understands your project - open it from the header above.
Prompt Capsule
Implement result selection precisely: deny beats everything; among asks, parser-mismatch severity beats informational (a command flagged for both redirection and an escaped-operator trick must report the trick - the finding that means 'this will not execute the way it parses'); informational asks are deferred and only surface if nothing worse fired. Build the attack corpus: every attack class from your validators plus real transcripts, each labeled with expected outcome and expected reporting validator. Add benign-command cases asserting allow/passthrough to keep false positives visible. Run the corpus in CI; any change to a validator must keep the whole corpus green. Document the known-false-positive policy (e.g. find -exec's escaped semicolon asks once) - deliberate asks are fine, undocumented ones erode trust.
Paste into EmergentFull Build: complete implementation prompt with explicit requirements
Quick is short. Full Build is recommended for most steps. Strict forces real logic when the AI keeps faking output.
Actual change check
Expected after this step
Severity-correct selection verified by a CI-gated attack corpus.
Should NOT happen
- An existing feature broke
- A button only logs to console
- Data disappears after refresh
- Errors fail silently with no visible state
This is what should exist before you continue. If reality does not match, do not move on.
Track what changed, failed, or needs follow-up. Notes export with the flow.
Pass the Verify Gate to complete this step