OS command injection in Large Language Models (LLMs) involves exploiting the model’s ability to generate or interpret text to execute unauthorized operating system commands in integrated systems. This type of attack typically occurs when an LLM is connected to a backend system that executes commands based on the model’s outputs. Malicious users craft inputs that trick the LLM into producing commands that can harm the system, such as deleting files, exfiltrating sensitive data, or altering configurations. The risk is particularly high in applications where the LLM interacts with automation scripts or APIs without strict input validation. Preventing OS command injection requires sanitizing inputs and outputs, restricting the model’s access to sensitive operations, and implementing robust security measures like sandboxing and access control to limit the execution of potentially harmful commands.