Backslash-operator safety check false-positives on idiomatic find/grep patterns

Resolved 💬 3 comments Opened Mar 27, 2026 by liammagee Closed Apr 29, 2026

Description

The built-in safety check that flags "backslash before a shell operator" false-positives on completely standard shell patterns like find -exec ... \; and grep "foo\|bar".

These are idiomatic, everyday shell commands — not attempts to hide command structure. The prompt fires frequently during normal development workflows and interrupts flow.

Reproduction

Run any standard find with -exec:

find . -type f -name "*.md" -exec grep -l "pattern" {} \;

Or grep with alternation:

grep -l "foo\|bar" *.md

Both trigger:

Command contains a backslash before a shell operator (;, |, &, <, >)
which can hide command structure

Do you want to proceed?

Expected behavior

These standard patterns should not trigger the safety prompt. The check should distinguish between:

  • Idiomatic: find -exec {} \;, grep "a\|b" — standard POSIX patterns
  • Suspicious: actual attempts to hide piped commands or redirections behind backslashes

Workaround

Adding Bash(find *) and Bash(grep *) to permissions.allow in settings.json suppresses the prompt, but this is a broad workaround.

Impact

Interrupts flow frequently during normal development. More than a paper cut — it fires on some of the most common shell commands in existence.

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗