Threat explainer

Unsafe command execution

How prompt injection and malicious tools cause AI agents to run dangerous shell commands.

AI tools can run shell commands. Sometimes they run the wrong ones.

Unsafe command execution happens when an agent runs rm -rf, curl to external endpoints, git push to unknown remotes, or installs packages based on injected instructions rather than user intent.

HOL Guard turns these moments into private receipts first, then public lessons only after redaction and moderation.

Harness setup guides

Protect the coding tools your team already uses without forcing everyone to become a security expert.

harness

Codex

Terminal-native coding agent with broad shell reach.

Open guide

harness

Claude Code

Agentic coding harness with MCP and file access.

Open guide

harness

OpenCode

Open-source agent harness for local coding loops.

Open guide

harness

Cursor

AI-first IDE with repo and terminal context.

Open guide

Redacted warnings

Real protection moments, scrubbed for safety before becoming public learning pages.

codex

Codex was stopped before reading an env file

A redacted example of a local secret read attempt.

Open guide

claude-code

Claude Code was stopped before calling an untrusted MCP tool

A redacted example of an MCP tool with a misleading description.

Open guide

cursor

Cursor was stopped before following a hidden instruction

A redacted example of a prompt injection via a file comment.

Open guide

opencode

OpenCode was stopped before running a malicious postinstall script

A redacted example of a supply-chain attack via npm install.

Open guide

Safe labs

Practice attack patterns with static simulations. Nothing dangerous executes.

prompt-injection

Prompt injection replay

See how hidden text tries to override your instructions.

Open guide