feat(agent): add Claude Code-style agent, skills, slash-commands, hooks, todos, sandboxed workspace, and full-stack scaffolding
81aa0b5 verified

name: warn-eval-exec
enabled: true
event: bash
pattern: (^|\s)(eval|exec)\s*\(
action: warn

⚠️ **eval()/exec() detected**

Using eval() or exec() on untrusted input is a code injection risk.

Consider safer alternatives:
- ast.literal_eval() for Python literals
- json.loads() for JSON
- Function constructors with explicit scope for JS
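
Added example, not part of the committed rule file: a Python check of which constructed commands the rule's pattern warns on, followed by a parser built from the two Python alternatives the message names. It assumes the hook engine applies the pattern with search semantics; `rule_warns`, `parse_untrusted` and `SAMPLES` are hypothetical names.

```python
import ast
import json
import re

# Pattern copied from the rule. Assumption: the hook engine searches the whole
# command string for it (re.search semantics).
PATTERN = re.compile(r"(^|\s)(eval|exec)\s*\(")

# Constructed sample commands, each paired with whether the rule should warn.
SAMPLES = [
    ("python3 - <<'PY'\nexec(src)\nPY", True),   # newline counts as whitespace
    ("node -e 'x = eval (src)'", True),          # whitespace before and after the name
    ("python3 -c 'print(eval(expr))'", False),   # preceded by "(", not whitespace
    ('eval "$(ssh-agent -s)"', False),           # shell builtin: no "(" directly follows
    ("grep 'retrieval (v2)' notes.txt", False),  # "eval" inside a longer word
]


def rule_warns(command: str) -> bool:
    """Return True when the rule's pattern matches the command."""
    return PATTERN.search(command) is not None


def parse_untrusted(text: str):
    """Parse data without executing it: JSON first, then Python literals."""
    try:
        return json.loads(text)
    except json.JSONDecodeError:
        pass  # not JSON; fall through to Python literal syntax
    try:
        return ast.literal_eval(text)
    except (ValueError, TypeError, SyntaxError) as err:
        # Calls, names and attribute access are rejected, never evaluated.
        raise ValueError(f"not a plain literal: {text!r}") from err


if __name__ == "__main__":
    for command, expected in SAMPLES:
        print(f"warn={rule_warns(command)!s:5} expected={expected!s:5} {command!r}")
    print(parse_untrusted("{'a': (1, 2)}"))
```

The two `False` rows with `eval(` after a quote or parenthesis show that the rule only sees calls preceded by whitespace or the start of the string, so it complements code review rather than replacing it.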