Security Flaw: Shell Injection Vulnerability in PytestRunner & CoverageAuditor Subprocess Calls

A critical shell injection vulnerability has been identified in two core components of the codebase, exposing systems to potential arbitrary command execution. The flaw resides in the use of `asyncio.create_subprocess_shell()` with unsafe string interpolation, allowing user-controlled input to be interpreted as shell commands.

The affected files are `src/infrastructure/shell_adapter.py` (line 14) and `src/core/capabilities/code_analysis/auditor.py` (line 20). In both instances, the code constructs shell commands by directly interpolating variables like `test_path` and `target_dir` into a string. If these variables contain shell metacharacters—such as semicolons (`;`), pipes (`|`), command substitution (`$()`), or backticks—an attacker could inject and execute malicious commands on the host system. This bypasses intended functionality and grants unauthorized control.

The proposed mitigation is a fundamental shift in execution strategy: replacing the vulnerable `create_subprocess_shell()` with the secure `create_subprocess_exec()`. This function accepts a list of arguments, preventing the shell from interpreting metacharacters. The fix requires refactoring the command construction to pass each argument as a separate list element, thereby neutralizing the injection vector. This vulnerability underscores the persistent risk of improper subprocess handling in automated testing and analysis tools, where external input is often trusted without sufficient sanitization.