Status: IN
Command execution in FTL2 is governed at two independent levels. The policy engine enforces pre-execution access control: deny rules match on module, host, environment, and parameters, with first-match semantics. The command/shell distinction controls injection exposure at runtime: command runs without shell interpretation; shell enables pipes but triggers the same policy deny as command and raw.
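The two levels described above, modelled as an added example that is not FTL2's own code: a first-match deny check runs before anything executes, and only then does the command/shell choice decide whether metacharacters are interpreted. The rule schema, rule names, host names, and function names are hypothetical, and commands run locally on a POSIX system rather than on a remote host.

```python
import fnmatch
import shlex
import subprocess

# Constructed deny rules (hypothetical schema, not FTL2's policy format).
RULES = [
    {"name": "no-rm-in-prod", "modules": ["command", "shell", "raw"],
     "host": "*", "environment": "prod", "params": "*rm -rf*"},
    {"name": "no-exec-on-db", "modules": ["command", "shell", "raw"],
     "host": "db-*", "environment": "*", "params": "*"},
]

def first_deny(module, host, environment, params, rules=RULES):
    """Return the name of the first matching deny rule, or None if allowed."""
    for rule in rules:
        if (module in rule["modules"]
                and fnmatch.fnmatch(host, rule["host"])
                and fnmatch.fnmatch(environment, rule["environment"])
                and fnmatch.fnmatch(params, rule["params"])):
            return rule["name"]  # first match wins; later rules are not consulted
    return None

def execute(module, host, environment, params):
    """Level 1: policy check before execution. Level 2: module-specific run."""
    denied_by = first_deny(module, host, environment, params)
    if denied_by:
        return ("denied", denied_by)
    if module == "command":
        # No shell: '|' and ';' reach the program as literal arguments.
        proc = subprocess.run(shlex.split(params), capture_output=True,
                              text=True, check=False)
    elif module == "shell":
        # Shell interpretation: pipes work, and so does any injected syntax.
        proc = subprocess.run(params, shell=True, capture_output=True,
                              text=True, check=False)
    else:
        raise ValueError(f"module not modelled here: {module}")
    return ("ran", proc.stdout.strip())

if __name__ == "__main__":
    for module in ("command", "shell", "raw"):
        print(module, execute(module, "web-1", "prod", "rm -rf /tmp/x"))
    for module in ("command", "shell"):
        print(module, execute(module, "web-1", "dev", "echo a b | wc -w"))
```
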