Bash PATH Prefix Scan
Use this skill when the user asks to scan Bash scripts for PATH prefix vulnerabilities or to audit external command usage.
Workflow
- •
Confirm scope
- •Use files the user names, or list Bash files with
rg --files -g '*.sh'. - •Include scripts without
.shif they have a Bash shebang.
- •Use files the user names, or list Bash files with
- •
Collect function overrides
- •Parse each file for function definitions:
name()andfunction name. - •Track function names per file and from sourced files (
sourceor.) when provided.
- •Parse each file for function definitions:
- •
Identify command invocations
- •For each command word, ignore Bash keywords and builtins.
- •Treat the remaining command words as external commands.
- •If an external command name matches a function name in scope, it is shadowed; otherwise it is vulnerable.
- •
Report findings
- •List each vulnerable command with
path:lineand the command name. - •Note when a call site is ambiguous (dynamic invocation, eval, or variable indirection).
- •List each vulnerable command with
- •
Create GitHub minor issues
- •For every external command that is not shadowed by a function, file a minor issue.
- •Use the
github-issuesskill and its Task template.
Classification Rules
- •Bash keywords:
if,then,else,elif,fi,for,while,until,case,esac,select,in,do,done,function,time,coproc. - •Bash builtins: use
compgen -borhelpwhen available; otherwise treat the common builtins as safe. - •External commands: any command word that is neither a keyword, builtin, nor function.
Issue Format (minor)
- •Title:
[Security][Minor] Add function override for <command> in <file> - •Body (Task template): include summary, file path, line(s), and recommended function wrapper name.
- •Labels:
bugandsecurityif available; otherwise omit labels.
Notes
- •Function overrides must be defined before use or sourced from known files.
- •If scope is unclear or external tooling is required, ask a brief clarifying question.