From 62a8be03da92698c140fb02c08e45e71cf7eec47 Mon Sep 17 00:00:00 2001
From: Tom Boucher <trekkie@nomorestars.com>
Date: Wed, 18 Mar 2026 10:25:08 -0400
Subject: [PATCH] fix(verification-gate): sanitize preference commands with
 isLikelyCommand (#1138)

---
 src/resources/extensions/gsd/verification-gate.ts | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/resources/extensions/gsd/verification-gate.ts b/src/resources/extensions/gsd/verification-gate.ts
index 22af55f92..adfba6da8 100644
--- a/src/resources/extensions/gsd/verification-gate.ts
+++ b/src/resources/extensions/gsd/verification-gate.ts
@@ -45,11 +45,12 @@ const PACKAGE_SCRIPT_KEYS = ["typecheck", "lint", "test"] as const;
  *   4. None found
  */
 export function discoverCommands(options: DiscoverCommandsOptions): DiscoveredCommands {
-  // 1. Preference commands
+  // 1. Preference commands (still sanitize — may contain prose from misconfiguration)
   if (options.preferenceCommands && options.preferenceCommands.length > 0) {
     const filtered = options.preferenceCommands
       .map(c => c.trim())
-      .filter(Boolean);
+      .filter(Boolean)
+      .filter(c => isLikelyCommand(c));
     if (filtered.length > 0) {
       return { commands: filtered, source: "preference" };
     }