diff --git a/src/hooks/interactive-bash-blocker/constants.ts b/src/hooks/interactive-bash-blocker/constants.ts
index 157a0e9..6cbda31 100644
--- a/src/hooks/interactive-bash-blocker/constants.ts
+++ b/src/hooks/interactive-bash-blocker/constants.ts
@@ -52,12 +52,12 @@ export const INTERACTIVE_FLAG_PATTERNS = [
   /\bselect\b.*\bin\b/,
 ]
 
-export const STDIN_REQUIRING_COMMANDS = [
-  "passwd",
-  "su",
-  "sudo -S",
-  "gpg --gen-key",
-  "ssh-keygen",
+export const STDIN_REQUIRING_PATTERNS = [
+  /\bpasswd\b/,
+  /\bsu\b(?!\s*[|&;]|\s+-c)/,
+  /\bsudo\s+-S\b/,
+  /\bgpg\s+--gen-key\b/,
+  /\bssh-keygen\b(?!\s+.*-[fNPqy])/,
 ]
 
 export const TMUX_SUGGESTION = `
diff --git a/src/hooks/interactive-bash-blocker/index.ts b/src/hooks/interactive-bash-blocker/index.ts
index a2338ec..6964a90 100644
--- a/src/hooks/interactive-bash-blocker/index.ts
+++ b/src/hooks/interactive-bash-blocker/index.ts
@@ -2,7 +2,7 @@ import type { PluginInput } from "@opencode-ai/plugin"
 import {
   HOOK_NAME,
   INTERACTIVE_FLAG_PATTERNS,
-  STDIN_REQUIRING_COMMANDS,
+  STDIN_REQUIRING_PATTERNS,
   TMUX_SUGGESTION,
 } from "./constants"
 import type { BlockResult } from "./types"
@@ -25,13 +25,13 @@ function checkInteractiveCommand(command: string): BlockResult {
     }
   }
 
-  for (const cmd of STDIN_REQUIRING_COMMANDS) {
-    if (normalizedCmd.includes(cmd)) {
+  for (const pattern of STDIN_REQUIRING_PATTERNS) {
+    if (pattern.test(normalizedCmd)) {
       return {
         blocked: true,
-        reason: `Command requires stdin interaction: ${cmd}`,
+        reason: `Command requires stdin interaction`,
         command: normalizedCmd,
-        matchedPattern: cmd,
+        matchedPattern: pattern.source,
       }
     }
   }