diff --git a/.jules/sentinel.md b/.jules/sentinel.md
new file mode 100644
index 0000000..33e8a8b
--- /dev/null
+++ b/.jules/sentinel.md
@@ -0,0 +1,4 @@
+## 2024-05-18 - Prevent Command Injection via String Interpolation in shell wrappers
+**Vulnerability:** A command injection risk existed in `CacheCategory.swift` within `toolExists` where `shell("/usr/bin/which \(tool)")` directly interpolated the dynamic `tool` string into a `/bin/bash -c` executed command string.
+**Learning:** Naively passing concatenated or interpolated strings to shell wrappers opens the door for command injection if the input ever becomes dynamic or user-controlled.
+**Prevention:** Always invoke external executables directly (e.g., using `Process` with `/usr/bin/env`) and pass dynamic inputs exclusively as elements in the `process.arguments` array rather than executing a concatenated shell string.
diff --git a/Sources/Cacheout/Models/CacheCategory.swift b/Sources/Cacheout/Models/CacheCategory.swift
index 7b3d942..0e329dd 100644
--- a/Sources/Cacheout/Models/CacheCategory.swift
+++ b/Sources/Cacheout/Models/CacheCategory.swift
@@ -186,8 +186,18 @@ struct CacheCategory: Identifiable, Hashable {
     }
 
     private func toolExists(_ tool: String) -> Bool {
-        let result = shell("/usr/bin/which \(tool)")
-        return result != nil && !result!.isEmpty
+        let process = Process()
+        process.executableURL = URL(fileURLWithPath: "/usr/bin/env")
+        process.arguments = ["which", tool]
+        process.standardOutput = FileHandle.nullDevice
+        process.standardError = FileHandle.nullDevice
+        do {
+            try process.run()
+            process.waitUntilExit()
+            return process.terminationStatus == 0
+        } catch {
+            return false
+        }
     }
 
     private func runProbe(_ command: String) -> String? {
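Review bot: `process.arguments = ["which", tool]` still lets a `tool` value that is empty or begins with `-` be parsed by `which` as an option instead of a program name, so `terminationStatus == 0` would not reflect whether the tool is installed. Since the point of the change is to treat `tool` as opaque data, validate it before building the argument array, `guard !tool.isEmpty, !tool.hasPrefix("-") else { return false }`, or insert `"--"` before the name where the platform's `which` honors an end-of-options marker. A short comment on the `/usr/bin/env` line would also help the next reader, e.g. `// Resolved via env/PATH so the lookup follows the caller's environment; tool is passed as a single argv element, never through a shell.` `runProbe(_ command: String)` begins at the end of the hunk and its body is outside it; if it routes `command` through the same interpolating shell wrapper the old `toolExists` used, the same argument-array treatment applies there.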