🔴 Red Team Audit: High-Severity Template Injection in Pipeline YAML via `name` Field

A critical second-order template injection vulnerability allows attackers to inject arbitrary `jobs:` blocks directly into pipeline YAML. The flaw bypasses existing input sanitization by exploiting the compiler's own template syntax, turning a simple `name` field into a vector for code execution.

The vulnerability resides in the `validate_front_matter_identity` function within `src/compile/common.rs`. While the function blocks Azure DevOps (ADO) expressions like `${{`, `$(`, and `$[`, it fails to sanitize the compiler's native template markers (`{{ ... }}`). By setting a `name` field to `{{ agent_content }}`, an attacker triggers a two-step substitution. First, the placeholder `{{ agent_name }}` is replaced with the literal string `{{ agent_content }}`. In the second step, this string is interpreted as a template marker, causing the system to substitute it with the full markdown body content, effectively injecting arbitrary YAML into the compiled pipeline.

This high-severity finding represents a direct pipeline compromise risk. The exploit is confirmed viable, allowing unauthorized job injection. The flaw highlights a critical gap where internal template logic is trusted over external ADO syntax, creating a blind spot in the security model. It places any system using this compilation process under immediate scrutiny for unauthorized pipeline modification and potential downstream system access.