##### ###### ##### ### # # ### # # ###### ## ## ## ## ## ## ## # # # # # ## ##### #### ##### # # # # # # # #### ## # ## ## ## ## # # # # # ## ## # ###### ## ### # ### # ######
##### ###### ##### ### # # ### # # ###### ## ## ## ## ## ## ## # # # # # ## ##### #### ##### # # # # # # # #### ## # ## ## ## ## # # # # # ## ## # ###### ## ### # ### # ######
When AI runs shell commands
AI loves to solve problems with shell commands. Watch for patterns like:
os.system(f"convert {filename} output.png")
If filename is "; rm -rf /", your system is compromised. Use subprocess with shell=False:
subprocess.run(["convert", filename, "output.png"])
The list form prevents the shell from interpreting special characters. Never let user input reach a shell directly.
