LLM Agents Should Never Execute Raw Commands

Prompt injection is only a symptom. The real problem is command injection in agent-driven systems. Large Language Models are rapidly becoming the interface between humans and software systems. Developers are building agents capable of triggering automation, managing users, generating reports, and interacting directly with backend infrastructure. The architecture often looks deceptively simple: User ↓ LLM ↓ Generated text ↓ Backend execution At first glance, this seems perfectly reasonable. But t