What happened?
The `run_shell_command` tool is vulnerable to command injection. When a string containing shell command substitution syntax (e.g., `$(...)` or `` `...` ``) is passed as an argument, the tool executes the substituted command instead of treating it as a literal string.
What did you expect to happen?
The `run_shell_command` tool should have treated the command substitution syntax (e.g., `$(ls)`) as a literal string. The command should have failed or returned the literal string `echo $(ls)` instead of executing the `ls` command.
Client information
- CLI Version: 0.20.0
- Git Commit: d0ce3c4
- Session ID: a54ef861-a20-4535-8156-6b678ee7ae88
- Operating System: linux v23.11.1
- Sandbox Environment: no sandbox
- Model Version: gemini-2.5-pro
- Memory Usage:#00.7 MB
Login information
Google Account
Anything else we need to know?
This is a critical security vulnerability. It was discovered when a git commit message containing backticks was passed to the `run_shell_command` tool. The shell interpreted the backticks as command substitution and executed the content, which could allow for arbitrary code execution.