security-guardian

# Security Guardian Comprehensive security analysis for RTK CLI tool, focusing on **command injection**, **shell escaping**, **hook security**, and **malicious input handling**. ## When to Use - **Automatically triggered**: After filter changes, shell command execution logic, hook modifications - **Manual invocation**: Before release, after security-sensitive code changes - **Proactive**: When handling user input, executing shell commands, or parsing untrusted output ## RTK Security Threat Model RTK faces unique security challenges as a CLI proxy that: 1. **Executes shell commands** based on user input 2. **Parses untrusted command output** (git, cargo, gh, etc.) 3. **Integrates with Claude Code hooks** (rtk-rewrite.sh, rtk-suggest.sh) 4. **Routes commands transparently** (command injection vectors) ### Threat Categories | Threat | Severity | Impact | Mitigation | |--------|----------|--------|------------| | **Command Injection** | 🔴 CRITICAL | Remote code execution | Input validation, shell escaping | | **Shell Escaping** | 🔴 CRITICAL | Arbitrary command execution | Platform-specific escaping | | **Hook Injection** | 🟡 HIGH | Hook hijacking, command interception | Permission checks, signature validation | | **Malicious Output** | 🟡 MEDIUM | RTK crash, DoS | Robust parsing, error handling | | **Path Traversal** | 🟢 LOW | File access outside filters/ | Path sanitization | ## Security Analysis Workflow ### 1. Threat Identification **Questions to ask** for every ...