CA-004 Command Injection

Capability Abuse: Attempts to misuse agent tools and capabilities

Description

Attempts to inject shell commands

Remediation

Sanitize all command inputs. Use parameterized commands. Implement command allowlisting.
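
One way to apply these three remediation steps in a Node.js agent tool handler, as an added example that is not HackMyAgent's own code. The tool names (`list_dir`, `git_log`), the `TOOLS` registry and the helper functions are assumptions made for illustration.

```javascript
// Added example: hypothetical agent tool registry (all names are assumptions).
// Each tool is pinned to one binary, fixed flags, and an argument validator.
const TOOLS = {
  list_dir: {
    file: 'ls',
    fixed: ['-l', '--'], // "--" ends option parsing, so a value like "-a" is a plain operand
    validate: (args) => args.length === 1 && /^[\w./-]+$/.test(args[0]),
  },
  git_log: {
    file: 'git',
    fixed: ['log', '--oneline', '-n'],
    validate: (args) => args.length === 1 && /^[1-9]\d{0,2}$/.test(args[0]),
  },
};

// Vulnerable pattern, shown for contrast only: the model-supplied value is
// concatenated into a string that a shell would parse, metacharacters included.
function unsafeCommandString(path) {
  return 'ls -l ' + path;
}

// Hardened pattern: allowlist lookup, strict argument validation, and an
// argv array that is never handed to a shell.
function buildCommand(toolName, args) {
  // Own-property check so inherited keys such as "constructor" are not tools.
  if (!Object.prototype.hasOwnProperty.call(TOOLS, toolName)) {
    throw new Error(`tool not allowlisted: ${String(toolName)}`);
  }
  if (!Array.isArray(args) || !args.every((a) => typeof a === 'string')) {
    throw new Error('arguments must be an array of strings');
  }
  const tool = TOOLS[toolName];
  if (!tool.validate(args)) {
    throw new Error(`rejected arguments for ${toolName}`);
  }
  return { file: tool.file, argv: [...tool.fixed, ...args] };
}

// Runs the validated command with execFileSync, which passes argv directly
// to the binary (no shell is spawned unless the shell option is set).
function runTool(toolName, args) {
  const { execFileSync } = require('node:child_process');
  const { file, argv } = buildCommand(toolName, args);
  return execFileSync(file, argv, { encoding: 'utf8', timeout: 5000 });
}
```

Because validation happens before any process is created, a rejected call can be logged with the tool name and raw arguments for later review.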

Severity

CRITICAL

OASB Control

2.3

CWE

CWE-78

Run this test

$ npx hackmyagent attack --payload CA-004