1 change: 1 addition & 0 deletions packages/core/src/core/prompts.ts
Expand Up @@ -159,6 +159,7 @@ ${(function () {
- After each commit, confirm that it was successful by running \`git status\`.
- If a commit fails, never attempt to work around the issues without being asked to do so.
- Never push changes to a remote repository without being asked explicitly by the user.
- When issuing \`git commit -m 'My Message'\` use single quotes rather than double quotes, as double quotes interact poorly with backticks.
security-high

The prompt instruction to use single quotes for git commit -m is an insufficient security measure against command injection, as it relies on LLM adherence for safety. The underlying ShellTool in packages/core/src/tools/shell.ts is highly vulnerable because its isCommandAllowed function fails to validate backticks, other shell substitutions like <( ), or the & operator and newlines, allowing command chaining. Additionally, this single-quote recommendation introduces a new problem where commit messages containing single quotes will cause shell errors. A more robust solution involves fixing the ShellTool's validation logic and instructing the agent to use git commit -F <file> with a temporary file to avoid all shell quoting issues.

References
  1. To prevent prompt injection, avoid including user-provided input in content passed to the LLM (llmContent). If the input is needed for display purposes, use returnDisplay instead. This comment highlights a command injection risk where user-provided input (e.g., commit message) could be embedded into an LLM-generated shell command, leading to vulnerabilities if not properly handled.

`;
}
return '';
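Review bot: The new bullet gives no rule for a message that itself contains an apostrophe, so `git commit -m 'Don't break this'` fails under the very convention the bullet introduces, and it replaces one quoting hazard (backticks inside double quotes) with another. Either state the escape (`'\''`) or, simpler and quoting-free, instruct the agent to write the message to a temporary file and run `git commit -F <file>`. Also worth noting in the bullet or PR description that this is advice to the model, not an enforcement boundary: the shell tool's own validation must not assume the quoting was followed.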
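The review comment above describes two separate problems: tool-side validation that does not flag backticks, `<( )`, `&` or newlines, and a quoting convention that breaks on apostrophes. As an added TypeScript example (not the project's own code; the names `findShellRisks` and `buildCommitArgv` are hypothetical), one way to detect the listed constructs in a command string and, rather than quoting at all, to hand the commit message to git as a single argv element so no shell ever parses it:

```typescript
// Added example, not the project's own code. A conservative pre-check for
// shell command strings: it flags the constructs the review comment lists
// (backticks, $( ), <( ) / >( ), '&', ';', '|', newlines), any of which can
// append a second command to a "git commit" string regardless of quoting.

interface ShellRisk {
  kind: string;  // which construct was found
  index: number; // offset in the command string
}

const RISK_PATTERNS: Array<[string, RegExp]> = [
  ["backtick substitution", /`/g],
  ["dollar substitution", /\$\(/g],
  ["process substitution", /[<>]\(/g],
  ["background or chaining (&)", /&/g],
  ["command separator (;)", /;/g],
  ["pipe (|)", /\|/g],
  ["newline", /\r?\n/g],
];

// Returns every risky construct in the raw command string, sorted by offset.
// Quoting is deliberately ignored: '...' would protect a literal, but the
// prompt cannot guarantee the model quoted correctly, so the tool must not
// rely on it. A hit means "needs confirmation", not "definitely malicious".
function findShellRisks(command: string): ShellRisk[] {
  const risks: ShellRisk[] = [];
  for (const [kind, re] of RISK_PATTERNS) {
    re.lastIndex = 0;
    let m: RegExpExecArray | null;
    while ((m = re.exec(command)) !== null) {
      risks.push({ kind, index: m.index });
    }
  }
  return risks.sort((a, b) => a.index - b.index);
}

// Builds an argv array for spawning git *without* a shell (for example via
// child_process.execFile). The message is one argument, so apostrophes,
// backticks and "$(" inside it are inert: nothing interprets them.
function buildCommitArgv(message: string): string[] {
  if (message.length === 0 || message.includes("\0")) {
    throw new Error("commit message must be non-empty and contain no NUL");
  }
  return ["git", "commit", "-m", message];
}
```

`findShellRisks` is a coarse allow/deny gate for an interactive tool; it will also flag legitimate pipelines, which is the intended trade-off for a command the agent runs on the user's behalf.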