Oftentimes using the various skills in Claude Code, I get prompted to confirm proceeding because of a Command contains $() command substitution.
I don't know if it's possible to architect some of the tools in way that avoids this, but if so I think it'd be best practice to do so. This practice raises an eyebrow for sure and opens up potential for attackers in forked repos pretending to be a trusted party.
Upon investigation (because I wasn't already familiar with shell command substitution), this summarizes my concern best:
Command substitution is risky because the inner command runs with full system privileges before you ever see the final command — so if that inner command produces unexpected or malicious output, it gets silently executed as part of something you thought you were approving.
Oftentimes using the various skills in Claude Code, I get prompted to confirm proceeding because of a
Command contains $() command substitution.I don't know if it's possible to architect some of the tools in way that avoids this, but if so I think it'd be best practice to do so. This practice raises an eyebrow for sure and opens up potential for attackers in forked repos pretending to be a trusted party.
Upon investigation (because I wasn't already familiar with shell command substitution), this summarizes my concern best: