Definition
Plain language
A security bug where attacker-controlled text gets run as a real system command.
As stated in the literature
A vulnerability in which untrusted input reaches a shell or command-execution context (e.g., invoking a subprocess with shell enabled), letting an attacker run arbitrary commands; a canonical insecure-code pattern probed in AI coding-agent safety work.
Why it matters: It is one of the most damaging coding mistakes because it can hand an attacker control over the machine running the program.
For example, a web form that passes a user's text straight into a system command could let someone type in an extra command that deletes files on the server.
Heard on the show
“Shell-equals-true command injection.”Episode 093 — A Calibrated Knob for Weak-to-Strong AI Oversight, Tested on Real Code