Summary
NanoBot disclosed and closed a critical security issue where exec.allowPatterns prefix matching could allow shell-chain bypasses, such as appending unsafe commands after an allowed prefix. A fix PR was submitted as part of a rapid security response.
What changed
NanoBot issue #4521 disclosed a shell-chain bypass in exec.allowPatterns; the project closed the issue and submitted a fix PR.
Why it matters
Agent runtimes that execute shell commands need approval checks that cannot be bypassed with command chaining. This is a concrete reminder that tool permission systems must parse and constrain commands defensively, not rely on naive string prefixes.
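The following Python sketch is an added example, not NanoBot's code or the fix from PR #4562: it contrasts a prefix check of the kind the issue describes with a check that rejects shell metacharacters and matches whole argv tokens. The allow-list entries, function names and sample commands are assumptions constructed for illustration.

```python
import shlex

# Hypothetical allow-list entries; the page does not show NanoBot's real patterns.
ALLOW_PREFIXES = ["git status", "ls"]
ALLOWED_ARGV = {("git", "status"), ("ls",)}  # same policy as whole argv tokens

# Characters that let a shell chain, substitute, redirect or background commands.
# Conservative: a quoted ';' inside an argument is rejected as well.
SHELL_META = set(";&|<>`$(){}\n\r\\")


def naive_allows(command):
    """Prefix check: only the start of the raw string is inspected."""
    return any(command.startswith(p) for p in ALLOW_PREFIXES)


def strict_allows(command):
    """Reject shell metacharacters, tokenize, then match whole argv tokens."""
    if any(ch in SHELL_META for ch in command):
        return False
    try:
        argv = shlex.split(command)
    except ValueError:  # unbalanced quotes
        return False
    return bool(argv) and any(tuple(argv[:len(p)]) == p for p in ALLOWED_ARGV)


def to_argv(command):
    """Return argv suitable for subprocess.run(argv, shell=False), or raise."""
    if not strict_allows(command):
        raise PermissionError(f"command not allowed: {command!r}")
    return shlex.split(command)


# Constructed sample inputs; 'echo chained' is a benign stand-in for a chained command.
SAMPLES = [
    "git status --short",
    "git status; echo chained",
    "git status && echo chained",
    "ls $(echo chained)",
    "lsblk",  # shares the string prefix "ls" but is a different program
    "git status 'unterminated",
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        print(f"{cmd!r:32} naive={naive_allows(cmd)} strict={strict_allows(cmd)}")
```

Passing the returned argv to a process API without a shell means any operator that slipped through would be treated as a literal argument rather than interpreted.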
Evidence excerpt
Agents Radar categorized #4521 as critical: prefix matching in exec.allowPatterns could allow shell-chain bypasses, with PR #4562 submitted as a fix.