Summary

NanoBot disclosed and closed a critical security issue where exec.allowPatterns prefix matching could allow shell-chain bypasses, such as appending unsafe commands after an allowed prefix. A fix PR was submitted as part of a rapid security response.

What changed

NanoBot issue #4521 disclosed a shell-chain bypass in exec.allowPatterns; the project closed the issue and submitted a fix PR.

Why it matters

Agent runtimes that execute shell commands need approval checks that cannot be bypassed with command chaining. This is a concrete reminder that tool permission systems must parse and constrain commands defensively, not rely on naive string prefixes.
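The contrast described above, as an added example; it is not NanoBot's code or the fix in PR #4562. The allow lists, function names and sample commands are hypothetical and constructed for illustration.

```python
import shlex

# Hypothetical allow lists (assumption; not NanoBot's configuration).
ALLOW_PREFIXES = ["git status", "ls"]     # string prefixes, the weak form
ALLOW_ARGV = [["git", "status"], ["ls"]]  # token prefixes, the stricter form

# Characters a shell treats as chaining, substitution, grouping or redirection.
SHELL_META = set(";&|`$<>(){}\n\r\\")


def naive_prefix_allowed(command):
    """Weak check: any string that starts with an allowed prefix passes."""
    return any(command.startswith(p) for p in ALLOW_PREFIXES)


def parse_allowed(command):
    """Stricter check: return argv if the command is allowed, else None.

    The returned list is meant to be executed without a shell, for example
    subprocess.run(argv, shell=False), so nothing re-interprets the string.
    """
    # Refuse anything that a shell could read as more than one command.
    if any(ch in SHELL_META for ch in command):
        return None
    try:
        argv = shlex.split(command)
    except ValueError:  # unbalanced quotes and similar
        return None
    # Compare whole tokens, so "lsof" does not match the allowed "ls".
    for allowed in ALLOW_ARGV:
        if argv[:len(allowed)] == allowed:
            return argv
    return None


def audit(commands):
    """Return (command, naive_result, strict_result) for each input."""
    return [(c, naive_prefix_allowed(c), parse_allowed(c) is not None)
            for c in commands]


# Constructed sample inputs.
SAMPLES = ["git status", "ls -la", "git status; echo chained",
           "git status && echo chained", "git status $(echo x)", "lsof"]

if __name__ == "__main__":
    for cmd, naive, strict in audit(SAMPLES):
        print(f"{cmd!r:32} naive={naive!s:5} strict={strict}")
```

Token-prefix matching still accepts any trailing arguments to an allowed command, so per-command argument rules are a further tightening this sketch leaves out.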

Evidence excerpt

Agents Radar categorized #4521 as critical: prefix matching in exec.allowPatterns could allow shell-chain bypasses, with PR #4562 submitted as a fix.

Sources