Welcome to Snow CLI! Agentic coding in your terminal.
Command Injection Mode is an advanced feature of Snow CLI that allows you to directly embed commands in conversation messages, which will be automatically executed by the system and the results returned to AI. This enables AI to quickly obtain command execution results without relying on tool calls, improving interaction efficiency.
Traditional command execution requires AI to call tools, wait for user approval, and then execute commands. Command Injection Mode provides a more direct approach:
- Embed commands directly in messages without additional tool call process
- AI can obtain real-time system status information
- Suitable for quick queries and simple operations
- Integrated with sensitive command protection mechanism to ensure security
!`command`
Use exclamation mark and backticks to wrap commands in messages, and the system will automatically execute the command.
Examples:
Check current directory: !`pwd`
List files: !`ls -la`
View Git status: !`git status`
!`command`<timeout>
Use angle brackets after the command to specify timeout in milliseconds. If not specified, default timeout is 30000 milliseconds (30 seconds).
Examples:
!`npm install`<60000>
!`docker build .`<120000>
!`sleep 5`<10000>
- Must use complete
!+`combination, neither can be omitted - Command content goes inside backticks
- Timeout is optional, format is
<number>, unit is milliseconds - Multiple command injections can be included in one message
- Commands are executed sequentially
When you use command injection syntax in messages, the system will:
The system uses regular expression /!([^]+)(?:<(\d+)>)?/g` to parse all commands in the message:
- Extract command content
- Extract timeout (if specified)
- Mark command position in message
Before execution, the system checks if the command matches sensitive command rules:
- Iterate through enabled sensitive command patterns
- If matched, show confirmation dialog
- Display command content, matching pattern, and risk description
- Wait for user confirmation or cancellation
For sensitive command configuration, see: Sensitive Commands Configuration
After user confirmation (or direct execution for non-sensitive commands):
- Windows systems use
cmd.exeto execute - Unix-like systems (macOS, Linux) use
shto execute - Use current working directory as execution path
- Inherit current environment variables
- Apply specified timeout
During command execution:
- Capture standard output (stdout)
- Capture standard error (stderr)
- Record exit code
- Detect timeout situations
After execution completes, the system replaces the original command syntax with execution results:
On success:
--- Command: ls -la ---
total 48
drwxr-xr-x 10 user staff 320 Dec 5 10:30 .
drwxr-xr-x 20 user staff 640 Dec 4 15:22 ..
-rw-r--r-- 1 user staff 1234 Dec 5 10:30 README.md
--- End of output ---
On failure:
--- Command: invalid-command ---
Error: command not found: invalid-command
--- End of output ---
The complete message with replaced content is sent to AI, which can analyze and respond based on the real command output.
What's the current directory situation? !`ls -la`
AI will see the actual file list and respond based on it.
Help me analyze system resource usage:
Memory: !`free -h`
Disk: !`df -h`
Current branch status: !`git status`
Recent commits: !`git log -5 --oneline`
Check Node version: !`node --version`
Check dependencies: !`npm list --depth=0`
Project information:
Git branch: !`git branch --show-current`
Uncommitted changes: !`git status --short`
Recent commit: !`git log -1 --oneline`
Command injection mode is fully integrated with sensitive command configuration:
-
Auto Detection
- All commands are checked against sensitive patterns before execution
- Matched commands trigger confirmation flow
-
User Confirmation
- Display complete command content
- Show matched sensitive pattern and risk description
- Display timeout (if customized)
- User can choose to execute or cancel
-
Rejection Feedback
- If user rejects executing sensitive command
- AI receives feedback and may suggest alternatives
- Rejected commands won't appear in final message
- Default 30-second timeout prevents command hanging
- Can customize timeout for long-running commands
- Commands are forcibly terminated after timeout
- Timeout information is fed back to AI
- Commands execute in current working directory
- Inherit current shell environment variables
- Won't affect Snow CLI main process
- Command failures won't crash CLI
Suitable scenarios:
- Quick system status queries
- Get file list or content
- Check environment configuration
- Simple Git operation queries
Not suitable scenarios:
- Complex batch operations (safer to use tool calls)
- Commands requiring interaction (like password input)
- Long-running tasks (unless setting sufficient timeout)
- Dangerous system operations (should use tool calls with careful confirmation)
Set timeout based on command's expected execution time:
Quick query (use default): !`pwd`
Install dependencies (60s): !`npm install`<60000>
Build image (120s): !`docker build .`<120000>
Run tests (180s): !`npm test`<180000>
Provide context for AI to better understand command output:
I want to optimize this project's dependencies, first help me see what packages are currently installed: !`npm list --depth=0`
For operations that might trigger sensitive command protection:
Please help me check if there are unused files that can be cleaned (don't delete directly): !`git clean -n`
Use safe query options (like git clean -n) instead of directly executing dangerous operations.
Combine related commands together for AI to get complete view:
Analyze this branch situation:
Current branch: !`git branch --show-current`
Unmerged commits: !`git log origin/main..HEAD --oneline`
Uncommitted changes: !`git status --short`
Q: What's the difference between command injection and tool calls?
A: Command injection executes commands before sending message to AI and replaces results. AI sees execution results. Tool calls are AI actively requesting command execution during AI response. Command injection is better for quick queries, tool calls are better for complex operations.
Q: Why didn't my command execute?
A: Check these points:
- Confirm correct syntax:
!command`` - Both exclamation mark and backticks must be present
- If it's a sensitive command, confirm you selected execute in confirmation dialog
- Check if it timed out (default 30 seconds)
Q: Can I use multiple commands in one message?
A: Yes. The system will execute all commands sequentially, and each command's result will replace the corresponding syntax position.
Q: What happens when command execution fails?
A: Failed commands will show error information in output, and AI will see the complete error content and may provide solutions.
Q: What's the maximum timeout setting?
A: Theoretically no limit, but recommend not exceeding 300000 milliseconds (5 minutes). For very long-running tasks, suggest using tool call method for better monitoring and management.
Q: Does command injection bypass sensitive command protection?
A: No. All commands executed through command injection are checked against sensitive commands. Commands matching sensitive patterns must be confirmed by user.
Q: Can I inject commands requiring interaction?
A: Not recommended. Command injection doesn't support interactive input, such commands will hang until timeout. If you need to execute interactive commands, use Snow CLI's tool call functionality.
Q: Are there differences between Windows and Unix system commands?
A: Yes. Windows uses cmd.exe to execute, Unix-like systems use sh to execute. Consider cross-platform compatibility when writing commands, or explicitly specify target platform.
Command injection mode itself requires no configuration, but depends on sensitive command configuration:
- Windows:
%USERPROFILE%\.snow\sensitive-commands.json - macOS/Linux:
~/.snow/sensitive-commands.json
For detailed configuration method, see: Sensitive Commands Configuration
- Sensitive Commands Configuration - Configure dangerous commands requiring confirmation
- Command Panel Guide - Learn about other shortcut command features
- Vulnerability Hunting Mode - Professional security analysis feature, also uses sensitive command protection