Vibe Coding
Tip: Whitelist Agent Bash Commands Rather Than Blacklisting — Escape Chains Create Unpredictable Compound Commands
The r/LocalLLaMA rm-rf incident demonstrates that agents chain multiple commands with pipes, semicolons, and subshells, creating compound operations that bypass individual command checks. The defensive pattern: maintain an explicit allowlist of permitted commands (git, npm, pytest, make) rather than trying to block dangerous ones. For file operations, use structured tools (Read/Write/Edit) instead of bash. For builds, use Makefiles or task runners that constrain execution paths. Never grant unrestricted bash to an agent operating on your primary worktree.
Source
↳ Follow the thread