Hook Installer Exposes Unescaped TOTEM_CMD Interpolation — Shell Injection Surface Identified in CLI Package

A security audit has flagged a fragile interpolation pattern in the hook installation mechanism of the CLI package that, if left unaddressed, could enable shell injection. The file `packages/cli/src/commands/install-hooks.ts` writes a generated shell script where the `fallbackCmd` variable is substituted directly into a double-quoted bash variable without shell escaping. The current implementation at line 38 reads `TOTEM_CMD="${fallbackCmd}"`, a construction that does not sanitize metacharacters such as `$`, backticks, quotes, or backslashes before substitution.

The surface is not actively exploitable today because `fallbackCmd` derives exclusively from `getFallbackCommand`, which sources only internal deterministic paths. However, the audit, conducted under reference `audits/internal/2026-04-26-ai-studio-C-response.md` (Q6, "Hook installation surface"), warns that any future modification introducing package-manager-derived values into `fallbackCmd` would flow straight into the hook script template. An attacker controlling a package manager value containing shell metacharacters could inject commands into the hook script at install time.

The recommended remediation is to wrap `fallbackCmd` through a strict shell-escape utility before interpolation into the script template. Defense-in-depth hardening is the stated goal, and the finding carries urgency precisely because the pattern is easy to replicate across future changes. All contributors modifying the hook installation path or extending `fallbackCmd` sourcing should treat shell escaping as a mandatory step, not an afterthought.