bash-pro
Enhances Bash scripting for production automation and CI/CD with a focus on safety, portability, and robust testing.
Install this skill
Security score
The bash-pro skill was audited on Mar 2, 2026 and we found 18 security issues across 2 threat categories, including 13 high-severity. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 64 | - Validate inputs with `: "${VAR:?message}"` for required environment variables |
Template literal with variable interpolation in command context
| 69 | - Implement robust script directory detection: `SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd -P)"` |
Template literal with variable interpolation in command context
| 113 | - Validate environment variables before using: `: "${REQUIRED_VAR:?not set}"` |
Template literal with variable interpolation in command context
| 120 | - Use Bash built-ins over external commands: `[[ ]]` instead of `test`, `${var//pattern/replacement}` instead of `sed` |
Template literal with variable interpolation in command context
| 148 | - **Bash 5.0**: Associative array improvements, `${var@U}` uppercase conversion, `${var@L}` lowercase |
Template literal with variable interpolation in command context
| 149 | - **Bash 5.1**: Enhanced `${parameter@operator}` transformations, `compat` shopt options for compatibility |
Template literal with variable interpolation in command context
| 151 | - Check version before using modern features: `[[ ${BASH_VERSINFO[0]} -ge 5 && ${BASH_VERSINFO[1]} -ge 2 ]]` |
Template literal with variable interpolation in command context
| 152 | - Use `${parameter@Q}` for shell-quoted output (Bash 4.4+) |
Template literal with variable interpolation in command context
| 153 | - Use `${parameter@E}` for escape sequence expansion (Bash 4.4+) |
Template literal with variable interpolation in command context
| 154 | - Use `${parameter@P}` for prompt expansion (Bash 4.4+) |
Template literal with variable interpolation in command context
| 155 | - Use `${parameter@A}` for assignment format (Bash 4.4+) |
Template literal with variable interpolation in command context
| 282 | - **Parameter Expansion**: `${filename%.sh}` remove extension, `${path##*/}` basename, `${text//old/new}` replace all |
Template literal with variable interpolation in command context
| 285 | - **Co-processes**: `coproc proc { cmd; }; echo "data" >&"${proc[1]}"; read -u "${proc[0]}" result` for bidirectional pipes |
External URL reference
| 299 | - [Google Shell Style Guide](https://google.github.io/styleguide/shellguide.html) - Comprehensive style guide covering quoting, arrays, and when to use shell |
External URL reference
| 300 | - [Bash Pitfalls](https://mywiki.wooledge.org/BashPitfalls) - Catalog of common Bash mistakes and how to avoid them |
External URL reference
| 301 | - [Bash Hackers Wiki](https://wiki.bash-hackers.org/) - Comprehensive Bash documentation and advanced techniques |
External URL reference
| 302 | - [Defensive BASH Programming](https://www.kfirlavi.com/blog/2012/11/14/defensive-bash-programming/) - Modern defensive programming patterns |
External URL reference
| 309 | - [bashly](https://bashly.dannyb.co/) - Modern Bash CLI framework generator |