Bash Security Validator — Production Agent Shell Safety

An agent with shell access and no validator chain is a liability with good intentions. This SKILL.md is the complete production bash security architecture — not a checklist to review, a pre-execution pipeline to install.

---

⚡ What's Inside

• The full 19-validator chain Every check in sequence with the dangerous pattern it closes. Injection prevention, path validation, privilege escalation detection, destructive operation guards, and the Zsh-specific traps that bash-only resources miss entirely

• Fail-fast architecture The chain evaluates in priority order, aborts on first failure, logs what it caught, and never partially executes a command it rejected

• Dangerous command pattern library The exact patterns that have caused real damage: rm -rf with unquoted variables, curl-to-bash, sudo without path anchoring, chained operators that bypass intent, wildcard expansion in destructive contexts

• Zsh compatibility layer Five validator adjustments specific to Zsh behavior that standard bash security guides do not address

---

🏭 Proven in Production

This chain did not start at 19 validators. It started at 3. Every new validator was added when something slipped through what was already there. Each one has a real incident behind it. This is accumulated operational scar tissue, codified.

---

🆕 What's New in v1.1

• Seven additional Zsh-specific validators documented
• Injection pattern library expanded with three new chained-operator cases

---

✅ Core Capabilities

• ✅ Complete 19-validator pre-execution pipeline — install and your agent's shell is hardened
• ✅ Fail-fast abort logic — no partial execution, no silent pass-through
• ✅ Dangerous pattern library with root-cause explanations
• ✅ Zsh-specific compatibility layer — 5 validators adjusted for Zsh behavior
• ✅ Logging spec — every rejected command is captured with the validator that caught it
• ✅ Works with any Claude Code agent that uses exec tool calls