
Securing CLI Based AI Agent Tutorial
The Security Problem Nobody Talks About

You're building an AI agent. The LLM needs to call a weather API. You write a batch script that takes a city name as input. This seems fine:

powershell -Command "$city = ' %CITY% '; Invoke-RestMethod -Uri $url"

Until the LLM (or a malicious user) provides this:

Toronto'; Remove-Item -Path C:\* -Recurse; echo '

Your hard drive is gone. Shell injection via LLM-generated parameters is the underappreciated risk in CLI-based AI agents. The LLM hallucinates creative inputs. Users try adversarial prompts. Either way, you're one bad string away from arbitrary code execution.

Why This Matters More for AI Agents

Traditional web apps have trained us to sanitize user input. But AI agents introduce a new attack surface: the LLM itself can be the attacker. Not maliciously, but through hallucination, misunderstanding, or prompt injection that tricks it into generating malformed parameters.

Code for the article is here https://github.com/vishalmysore/cli-ai-agent Co
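As an added illustration (not code from the article or its repository), the vulnerable pattern beside a hardened one in Python: the unsafe version interpolates the LLM-supplied city into a shell string, while the safe version validates the parameter against a strict allowlist and passes it as a discrete argv element with no shell involved. The `weather-cli` binary and the allowlist regex are assumptions for the example.

```python
import re
import subprocess

# Allowlist for a city parameter (assumed policy for this example): a letter
# first, then letters, spaces, periods, apostrophes or hyphens, at most 64
# characters total. Semicolons, quotes-as-terminators, pipes etc. never match.
CITY_RE = re.compile(r"^[A-Za-z][A-Za-z .'\-]{0,63}$")


class UnsafeParameter(ValueError):
    """Raised when an LLM-supplied parameter fails validation."""


def is_safe_city(city: str) -> bool:
    """True only if the value matches the allowlist exactly."""
    return CITY_RE.fullmatch(city.strip()) is not None


def validate_city(city: str) -> str:
    city = city.strip()
    if not is_safe_city(city):
        raise UnsafeParameter(f"rejected city parameter: {city!r}")
    return city


def build_unsafe_command(city: str) -> str:
    # The vulnerable pattern from the article: the model output is spliced
    # into a string that a shell will later parse, so a stray quote and a
    # semicolon end the argument and start a new command.
    return f"weather-cli --city '{city}'"


def build_safe_argv(city: str) -> list[str]:
    # Hardened pattern: validate first, then hand the value over as its own
    # argv element. Even an allowed apostrophe ("St. John's") is inert here
    # because no shell ever tokenises the string.
    return ["weather-cli", "--city", validate_city(city)]


def run_weather(city: str) -> subprocess.CompletedProcess:
    # shell=False: the list goes straight to exec, bypassing cmd/sh entirely.
    return subprocess.run(build_safe_argv(city), shell=False,
                          capture_output=True, text=True, check=False)
```

Log every `UnsafeParameter` with the raw model output: a spike in rejections is an early signal of prompt injection or a misbehaving model, not just a validation nuisance.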
Continue reading on Dev.to



