[BUG] Inline command execution (!`cmd`) in slash commands fails with permission error

Resolved 💬 4 comments Opened Nov 14, 2025 by NickMainAtPI Closed Nov 18, 2025

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

Slash commands that contain inline command execution syntax (!command) fail with a permission error during preprocessing. The error occurs before the slash command can execute, making inline command syntax unusable in custom slash commands.

The permission system blocks these commands because Claude Code wraps them with "export CLAUDE_PROJECT_DIR=<path>; <command>", which the permission checker treats as a compound command requiring approval.

What Should Happen?

  1. Inline commands in slash commands (e.g., !git status) should execute successfully
  2. The CLAUDE_PROJECT_DIR environment variable should be set (as intended)
  3. Command output should be injected into the slash command context
  4. The slash command should continue executing with the populated context

Error Messages/Logs

Error: Bash command permission check failed for pattern "!`git status --porcelain`":
This Bash command contains multiple operations. The following part requires approval:
export CLAUDE_PROJECT_DIR=/path/to/project

Steps to Reproduce

  1. Create a test slash command file .claude/commands/test-inline.md:
---
description: Test inline command execution
---

## Context

- Current branch: !`git branch --show-current`
- Git status: !`git status --porcelain`

## Instructions

If you can read this, the bug is fixed!
  1. Execute the slash command:

/test-inline

  1. Observe the error about permission denied for the export statement
  1. The slash command fails during Context preprocessing before reaching Instructions

Claude Model

Sonnet (default)

Is this a regression?

Yes, this worked in a previous version

Last Working Version

2.0.37

Claude Code Version

2.0.41

Platform

Anthropic API

Operating System

macOS

Terminal/Shell

Terminal.app (macOS)

Additional Information

Root Cause Analysis

The issue occurs in the interaction between the command wrapper function (An5() in minified cli.js) and the permission checker:

  1. Inline command !git status`` is extracted from slash command
  2. An5() wraps it: export CLAUDE_PROJECT_DIR=/path; git status
  3. Permission checker sees compound command with export → flags as requiring approval
  4. Command fails before execution

Why This is Problematic

Current implementation (broken):

// Wrap command with export
command = `export CLAUDE_PROJECT_DIR=/path; ${command}`
// Run permission check on wrapped command
if (!permissionCheck(command)) throw Error(); // ❌ Fails here
exec(command)

How hooks already work (correct):

// Set environment via spawn options
let env = {...process.env, CLAUDE_PROJECT_DIR: projectDir};
spawn(command, [], {env, shell: true}) // ✅ Works

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗