Command Injection Lab

Learn how attackers sneak OS commands and tool hijacks into LLM inputs.

LEARN— What is Command Injection?

Command injection happens when an attacker hides shell commands (like cat /etc/passwd) inside normal-looking text. If an AI agent blindly executes tool calls from user input, those hidden commands can steal data or damage systems.

PRACTICE— Try a Command Injection

Choose an Attack Scenario

Attack Input

Edit the payload — try different shell tricks!

Ctrl/Cmd+Enter to execute

Command Injection Lab

LEARN— What is Command Injection?

Command Injection in AI Systems

PRACTICE— Try a Command Injection

Choose an Attack Scenario

Shell Command Injection

Encoded Command Payload

Tool Call Hijack

Attack Input