Shell Subsitutions on by Default?

[acoliver]

We inherited a security feature from Gemini that disabled shell substitutions in shell commands. We created an ephemeral to enable them that is set by profile. I understand the issue with shell substitutions but there is virtually nothing the model couldn't do by just writing a shell script and running it. With shell substitutions off the model tends to do stupid things like read your PAT and put it directly on the command line so it shows up on the screen, gets sent to more people on the internet than need it and embed it in files. With shell substitution it is easier for it to do things like $(cat ~/.your_pat). I'd like to propose enabling shell subtitution by default or maybe adding to /settings (config) whether the default is on/off. Ephermerals (/set and profiles) will still take precidence.

[mpfaffenberger]

I personally vote yes for this feature. This is overprotective IMO.

[mpfaffenberger]

What do you think about having a "steering" or background agent evaluating shell command risk? That's what I'm going to do in puppy.

[acoliver]

I find models rationalize themselves into whatever. I'm avoiding that design from now on. That's the kind of thing gemini-cli kicks off and tends to act bizzarely. Their loop generator -- caused loops. Their next speaker checker did stupid things. Their "smart editor" causes bogus edits... All these use flash in addition. I'll be interesting to see how yours works. I'm sure it will be a better design.

[mpfaffenberger]

Lol, fair. I'm going to give it a shot in puppy - I don't think it's going to completely derail anything. Sounds like they engineered around Gemini's poor performance a bit too much?

[acoliver]

One issue is yes that gemini flash is a bad model. However you need a smart enough model to decide the risk and they're not really good at that... And then its slow.

[e2720pjk]

I agree as well — enabling the feature seems more valuable than exposing the path directly.

That said, I personally prefer a more cautious strategy: keeping an explicit setting helps preserve the experience for users who rely on the current default, and feels more respectful to those with specific needs.