glossary
Destructive-command guard
The destructive-command guard is a hard-deny check applied before an agent-initiated command is spawned. It blocks shell metacharacters, privilege escalation, world-writable permission changes, and recognized destructive patterns.
The guard pairs with allowlisted execution: the allowlist defines what the agent may run, and the guard rejects dangerous forms of anything that slips through. Neither makes execution risk-free; together they narrow the blast radius.
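A sketch of the guard layered with an allowlist, as an added example that is not the code of any particular agent runtime. The allowlist contents, the regular expressions, the choice of "recursive rm near the filesystem root" as the destructive pattern, and the names `guard` and `decide` are all assumptions made for illustration.

```python
import posixpath
import re

# Assumed policy, constructed for illustration; not from the glossary entry.
ALLOWLIST = {"ls", "cat", "git", "chmod", "rm"}   # bare names the agent may run
PRIV_ESC = {"sudo", "su", "doas", "pkexec"}
SHELL_META = re.compile(r"[;&|`$<>\n]")
OCTAL_MODE = re.compile(r"[0-7]{3,4}")
SYMBOLIC_W = re.compile(r"(?:^|,)([ugoa]*)[+=][rwxXst]*w")  # clause granting w

def _world_writable(mode):
    if OCTAL_MODE.fullmatch(mode):
        return bool(int(mode[-1]) & 2)            # "other" digit has write bit
    # A symbolic clause is risky if it names o/a, or names nobody (umask decides).
    return any(m.group(1) == "" or set(m.group(1)) & {"o", "a"}
               for m in SYMBOLIC_W.finditer(mode))

def _recursive_rm_near_root(args):
    recursive = any(a == "--recursive" or
                    (a.startswith("-") and not a.startswith("--") and set(a) & {"r", "R"})
                    for a in args)
    targets = [posixpath.normpath(a) for a in args if not a.startswith("-")]
    # Deny "/" and any top-level directory such as "/etc" after normalisation.
    return recursive and any(t.startswith("/") and
                             len([p for p in t.split("/") if p]) <= 1
                             for t in targets)

def guard(argv):
    """Hard-deny check; returns a reason string, or None if nothing matched."""
    cmd, args = posixpath.basename(argv[0]), argv[1:]
    if any(SHELL_META.search(a) for a in argv):
        return "shell metacharacter"
    if cmd in PRIV_ESC:
        return "privilege escalation"
    if cmd == "chmod" and any(_world_writable(a) for a in args):
        return "world-writable permission change"
    if cmd == "rm" and _recursive_rm_near_root(args):
        return "destructive pattern"
    return None

def decide(argv):
    """Verdict taken before spawning: guard denies first, then the allowlist."""
    if not argv:
        return (False, "empty command")
    reason = guard(argv)
    if reason:
        return (False, reason)
    if argv[0] not in ALLOWLIST:
        return (False, "not allowlisted")
    return (True, "ok")
```

Only an argv list that `decide` accepts should be handed to the spawn call, and it should be spawned without a shell so the arguments are never re-parsed.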