Name: Bash Path Prefix Scan
Author: CriticalOptimisation

Use this skill when the user asks to scan Bash scripts for PATH prefix vulnerabilities or to audit external command usage.

Workflow

Confirm scope
- Use files the user names, or list Bash files with rg --files -g '*.sh'.
- Include scripts without .sh if they have a Bash shebang.
Collect function overrides
- Parse each file for function definitions: name() and function name.
- Track function names per file and from sourced files (source or .) when provided.
Identify command invocations
- For each command word, ignore Bash keywords and builtins.
- Treat the remaining command words as external commands.
- If an external command name matches a function name in scope, it is shadowed; otherwise it is vulnerable.
Report findings
- List each vulnerable command with and the command name.

Use this skill when the user asks to scan Bash scripts for PATH prefix vulnerabilities or to audit external command usage.

Confirm scope
- Use files the user names, or list Bash files with rg --files -g '*.sh'.
- Include scripts without .sh if they have a Bash shebang.
Collect function overrides
- Parse each file for function definitions: name() and function name.
- Track function names per file and from sourced files (source or .) when provided.
Identify command invocations
- For each command word, ignore Bash keywords and builtins.
- Treat the remaining command words as external commands.
- If an external command name matches a function name in scope, it is shadowed; otherwise it is vulnerable.
Report findings
- List each vulnerable command with and the command name.

Bash Path Prefix Scan