destructive-command-guard
Warn
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's installation guide in 'references/installation.md' instructs users to download a shell script using 'curl' from 'raw.githubusercontent.com/Dicklesworthstone/destructive_command_guard/'. This repository is not part of the trusted vendor list and does not match the 'oakoss' vendor patterns.
- [REMOTE_CODE_EXECUTION]: The documentation encourages users to run the downloaded script directly through 'bash' and to use 'cargo install --git' to compile and install code from the same unverified GitHub account. This pattern allows for the execution of arbitrary code from a remote source on the user's machine.
- [COMMAND_EXECUTION]: The utility registers itself as a 'PreToolUse' hook in the AI agent's configuration file ('~/.claude/settings.json'). This enables a third-party binary ('dcg') to intercept, inspect, and decide whether to block every Bash command the agent attempts to execute.
- [INDIRECT_PROMPT_INJECTION]: The skill creates an attack surface by ingesting and processing all command strings generated by the agent.
  - Ingestion points: Reads JSON-formatted tool inputs via standard input (stdin) for every shell invocation.
  - Boundary markers: None identified; it processes the full command string provided by the agent.
  - Capability inventory: The binary has the authority to block execution (exit code 2) or permit it (exit code 0).
  - Sanitization: Performs command normalization and uses Aho-Corasick pattern matching to filter content, but remains vulnerable to maliciously crafted command inputs that might bypass or exploit the matching logic.
Audit Metadata