Agent skill

detecting-command-injection

Detects OS command injection vulnerabilities by identifying unsafe system/popen/exec calls with user-controlled input. Use when analyzing command execution, shell operations, or investigating potential command injection points.

View SKILL.md on GitHub Repository
Stars 163
Forks 31

Install this agent skill to your Project

npx add-skill https://github.com/majiayu000/claude-skill-registry/tree/main/skills/data/detecting-command-injection

SKILL.md

Command Injection Detection

Detection Workflow

  1. Identify command execution points: Find system(), popen(), execve(), ShellExecute(), CreateProcess() calls
  2. Trace input sources: Use xrefs_to to trace command strings to user input (network, files, environment variables)
  3. Check sanitization: Verify input validation, character escaping, command argument separation, safe API usage
  4. Assess exploitability: Can attacker inject special characters (;, &, |, `)? Control command arguments? Execute multiple commands?

Key Patterns

  • Direct system() with unvalidated user input
  • popen() with partial sanitization
  • execve with insufficient validation
  • Indirect command execution via environment variables

Output Format

Report with: id, type (system/popen/exec), severity, confidence, location, sink, source, command string, sanitization status, exploitability, payload example, mitigation.

Severity Guidelines

  • CRITICAL: Direct use of system() with unvalidated user input
  • HIGH: popen() with partial sanitization
  • MEDIUM: execve with array but insufficient validation
  • LOW: Command execution with strict whitelisting

See Also

  • patterns.md - Detailed detection patterns and exploitation scenarios
  • examples.md - Example analysis cases and code samples
  • references.md - CWE references and mitigation strategies

Didn't find tool you were looking for?

Be as detailed as possible for better results