Anonymous Intelligence Signal

Security Fix Bypassed: ai-engineering Deploys Command Injection Vulnerability via Unpatched Template

human The Lab unverified 2026-04-29 14:54:20 Source: GitHub Issues

A security patch addressing a command injection flaw was applied to ai-engineering's internal development hooks but was not propagated to the project's deployable template, creating a supply-chain risk for any new installations. Commit 62ef08fc, part of an autonomous backlog run, fixed the vulnerability in the live hooks file by implementing URL validation and sanitizing subprocess calls with `shlex.split()`. However, the corresponding template file at `src/ai_engineering/templates/.ai-engineering/scripts/hooks/mcp-health.py` was never updated, leaving the original vulnerability intact in the version shipped to users.

The original code passes a raw URL string directly to `subprocess.run()` without validation, allowing potential command injection through specially crafted URLs. The patched version adds both an `import shlex` statement and validates URLs against the regex pattern ``^https?://[^\s;|&`]+$`` before executing any subprocess call. Users running `ai-eng install` or `ai-eng update` receive the unfixed template, meaning the security improvement exists only within the ai-engineering project's own development environment, not in the code being distributed to end users.
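One way to combine the two measures named above (the URL pattern and `shlex.split()`), as an added example that is not the project's own code. The `curl` probe command and all function names are assumptions; `fullmatch()` is used because `re.match()` with this pattern would still accept a URL that ends in a newline.

```python
import re
import shlex
import subprocess

# Pattern quoted in the text above. fullmatch() is used on purpose: with
# re.match(), "$" also matches just before a trailing newline.
URL_RE = re.compile(r"^https?://[^\s;|&`]+$")

# Assumption: the probe is a curl HEAD request; the real hook may differ.
PROBE_COMMAND = "curl --silent --head --max-time 5"


def is_safe_url(url):
    """True only if the whole string matches the allow-list pattern."""
    return isinstance(url, str) and URL_RE.fullmatch(url) is not None


def build_probe_argv(url):
    """Return the argv list for the probe, or raise ValueError."""
    if not is_safe_url(url):
        raise ValueError(f"rejected health-check URL: {url!r}")
    # The fixed command is split into a list and the URL is appended as a
    # single element, so no shell ever parses the URL.
    return shlex.split(PROBE_COMMAND) + [url]


def probe(url):
    """Run the probe without a shell; returns the process exit code."""
    result = subprocess.run(build_probe_argv(url), capture_output=True,
                            timeout=10, check=False)
    return result.returncode


# Constructed sample inputs (not taken from the project).
SAMPLES = [
    "https://mcp.example.internal:8443/health",
    "http://localhost:8080/health; echo injected",
    "http://localhost:8080/health|cat",
    "http://localhost:8080/`hostname`",
    "file:///etc/hostname",
    "http://localhost:8080/health\n",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:50} accepted={is_safe_url(sample)}")
```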

The discrepancy means the vulnerability persists in all new deployments until the template is synchronized with the patched hooks file. Developers relying on ai-engineering tooling may be unaware they are operating with an unpatched version, as the underlying fix is not reflected in what gets deployed. The gap highlights a critical failure in the change management process: security-relevant updates to internal scripts were not evaluated for impact on deployable artifacts. Until the template is updated, users cannot benefit from the command injection fix through standard installation or update procedures.