From 4603a1ec7a69436f9747140283af7b64512630ba Mon Sep 17 00:00:00 2001
From: Greg Gauthier <gmgauthier@protonmail.com>
Date: Sat, 7 Mar 2026 19:37:53 +0000
Subject: [PATCH] fix(recipe): improve allowed shell command validation

Update the command matching logic to require an exact match or the command followed by a space and arguments. Also normalize case and trim whitespace for safe commands to prevent loose prefix matches that could allow unintended commands.
---
 internal/recipe/loader.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/internal/recipe/loader.go b/internal/recipe/loader.go
index 8ccffc6..812ffaa 100644
--- a/internal/recipe/loader.go
+++ b/internal/recipe/loader.go
@@ -75,9 +75,13 @@ func Load(path string, userParams map[string]any) (*Recipe, error) {
 	safeMap := safeCommands()
 	for _, cmd := range r.AllowedShellCommands {
 		trimmed := strings.ToLower(strings.TrimSpace(cmd))
+
 		allowed := false
 		for safe := range safeMap {
-			if strings.HasPrefix(trimmed, safe) {
+			safeTrim := strings.ToLower(strings.TrimSpace(safe))
+
+			// Match exact command OR command followed by space + arguments
+			if trimmed == safeTrim || strings.HasPrefix(trimmed, safeTrim+" ") {
 				allowed = true
 				break
 			}