You can directly map most of the tags into a libc function clall combination, like the "Command" tag is just programs that run user input into a system() call. Even for programs where this is their primary function. It has nothing to do with "bypassing".
The author is making a security theater out of nothing for posing.
The point is to get to these functionality from a limited set of shell commands, not to get to this functionality from an arbitrary executable.
> The author is making a security theater out of nothing for posing.
Again, the author is not making accusations of security flaws. I don't know how they could have described it better, but the author was going for something very narrow and specific.
The author is making a security theater out of nothing for posing.