Context-Inappropriate Capability
Medium
- Confidence
- 91% confidence
- Finding
- The CLI builds a shell command string and passes it to child_process.execSync, interpolating user-controlled values such as tool arguments into the command. Although JSON.stringify and quoting reduce some risk, this remains dangerous because shell parsing still occurs and malformed input containing quotes can break out of the intended argument boundary, potentially leading to command injection on the local machine.
