Build a Command Security Pipeline for Your Agent
Agent QA & Security
120-180 minutes0/4 steps0%
Step 3 of 4
Build the main validator chain and hard path constraints
One attack class per validator, plus constraints nothing can override.
First time here? Paste the Context Pack first so the AI understands your project - open it from the header above.
Prompt Capsule
Implement single-purpose main-chain validators, each with its own tests: shell metacharacters that split commands (';', '|', '&' outside quotes), IFS-injection, redirection detection (informational severity), sub-command extraction for compound commands so each piece is checked (a benign-looking second command reading credentials is the classic leak). Then implement the hard constraints layer: a protected-path denylist (system roots, credential directories) that blocks removal operations regardless of any permission rule, correct handling of the '--' separator so flags cannot smuggle paths past extraction, and for your riskiest allowed tool (e.g. sed-like editors), a whitelist of safe forms plus a denylist of dangerous sub-features (write-file and execute commands, non-ASCII lookalikes, multiline programs). Keep validators stateless and independent.Paste into EmergentFull Build: complete implementation prompt with explicit requirements
Quick is short. Full Build is recommended for most steps. Strict forces real logic when the AI keeps faking output.
Actual change check
Expected after this step
A chain of tested single-purpose validators plus unoverridable path constraints.
Should NOT happen
- An existing feature broke
- A button only logs to console
- Data disappears after refresh
- Errors fail silently with no visible state
This is what should exist before you continue. If reality does not match, do not move on.
Track what changed, failed, or needs follow-up. Notes export with the flow.
Pass the Verify Gate to complete this step