From b947b2b54eb656e6d5d25a8035fd8db578329ce4 Mon Sep 17 00:00:00 2001
From: Mustapha BARKI
Date: Tue, 29 Jul 2025 01:52:47 +0100
Subject: [PATCH] Potential fix for code scanning alert no. 12: Unsafe shell command constructed from library input
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Mustapha BARKI
---
 packages/core/src/tools/shell.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts
index 02fcbb7f1d8..c571a0a3dec 100644
--- a/packages/core/src/tools/shell.ts
+++ b/packages/core/src/tools/shell.ts
@@ -31,6 +31,7 @@ import {
 isCommandAllowed,
 stripShellWrapper,
 } from '../utils/shell-utils.js';
+import * as shellQuote from 'shell-quote';
 export const OUTPUT_UPDATE_INTERVAL_MS = 1000;
@@ -205,7 +206,7 @@ export class ShellTool extends BaseTool {
 ? strippedCommand
 : (() => {
 // wrap command to append subprocess pids (via pgrep) to temporary file
- let command = strippedCommand.trim();
+ let command = shellQuote.quote([strippedCommand.trim()]);
 if (!command.endsWith('&')) command += ';';
 return `{ ${command} }; __code=$?; pgrep -g 0 >${tempFilePath} 2>&1; exit $__code;`;
 })();
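Review bot: `shellQuote.quote([strippedCommand.trim()])` on the new side of the second hunk turns the entire command into a single quoted shell word, so a multi-token command such as `ls -la` reaches the shell as the one program name `'ls -la'` and cannot run; this tool wraps the command in `{ ${command} }` precisely to execute it, so quoting the whole string removes the feature rather than the risk. The next line `if (!command.endsWith('&'))` is also broken by the change, because the quoted form ends with the closing quote and a backgrounded command now gets `;` appended after the quote rather than being detected. The decision whether an untrusted command may run belongs in the allowlist check whose import (`isCommandAllowed`) is visible in the first hunk and must be applied before this wrapping code; the wrapper itself should revert to `let command = strippedCommand.trim();` so the pgrep bookkeeping stays intact. The first hunk adds a new runtime dependency on `shell-quote` while the diffstat shows only `shell.ts` changed, so if any form of this change is kept, confirm the package is declared in the project's manifest. The arrow function and the enclosing `ShellTool` method start and end outside the hunk.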