diff --git a/src/gateway/server-methods/exec-approval.ts b/src/gateway/server-methods/exec-approval.ts
index 383e8498a28..4d3065c4d65 100644
--- a/src/gateway/server-methods/exec-approval.ts
+++ b/src/gateway/server-methods/exec-approval.ts
@@ -316,6 +316,24 @@ export function createExecApprovalHandlers(
 }
 const approvalId = resolvedId.id;
 const snapshot = manager.getSnapshot(approvalId);
+ // Security: prevent self-approval — the connection that submitted the request
+ // cannot also resolve it. This blocks prompt-injected agents from immediately
+ // approving their own dangerous command requests without human oversight.
+ if (
+ snapshot?.requestedByConnId != null &&
+ client?.connId != null &&
+ client.connId === snapshot.requestedByConnId
+ ) {
+ respond(
+ false,
+ undefined,
+ errorShape(
+ ErrorCodes.INVALID_REQUEST,
+ "requester cannot approve their own exec request",
+ ),
+ );
+ return;
+ }
 const resolvedBy = client?.connect?.client?.displayName ?? client?.connect?.client?.id;
 const ok = manager.resolve(approvalId, decision, resolvedBy ?? null);
 if (!ok) {
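Review bot: The self-approval guard fails open: when `snapshot?.requestedByConnId` or `client?.connId` is null, the comparison is skipped and the call falls through to `manager.resolve`, so a request recorded without a connection id, or a caller without one, is not covered. The check is also keyed on the connection rather than the principal, so it does not cover the same client on a different connection. If the snapshot also records the requester's client id (not visible in this hunk), comparing it with `client?.connect?.client?.id` would tighten the check. At minimum the comment should state these limits, e.g. `// Note: keyed on connId only; skipped when either id is missing.`, and the rejected attempt is worth logging as a detection signal. The enclosing handler starts and ends outside the hunk.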