1. Terminal Lifecycle Handler Faces Shell-Injection Audit Over Unsafe Command Interpolation
Security researchers have identified a shell-injection vulnerability pathway in the terminal command template used across the codebase. The issue centers on a shell-script string built for `pty.spawn` that directly interpolates user-controlled values — including worktree paths, branch names, and agent prompts — without...
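An added illustration of the flagged pattern beside two safer constructions; it is not code from the audited codebase. It assumes Python's standard `pty.spawn(argv)`, and the `cd`/`printf` command, function names and sample values are constructed stand-ins, since the real template is not shown here.

```python
import shlex
import subprocess
import tempfile

# Constant script text: values arrive as positional parameters ("$1".."$3"),
# which the shell expands as data and never re-parses as code.
FIXED_SCRIPT = 'cd -- "$1" && printf "%s\\n" "$2" "$3"'

def interpolated_argv(worktree, branch, prompt):
    """Flagged pattern: values become part of the shell source text."""
    script = f'cd {worktree} && printf "%s\\n" {branch} {prompt}'
    return ["sh", "-c", script]

def positional_argv(worktree, branch, prompt):
    """Hardened: fixed script, values passed as separate argv entries."""
    return ["sh", "-c", FIXED_SCRIPT, "sh", worktree, branch, prompt]

def quoted_argv(worktree, branch, prompt):
    """Fallback when a single script string is unavoidable: quote every value."""
    w, b, p = (shlex.quote(v) for v in (worktree, branch, prompt))
    return ["sh", "-c", f'cd -- {w} && printf "%s\\n" {b} {p}']

def run_lines(argv):
    """Run argv without a PTY and return stdout lines.

    The same list could be handed to pty.spawn(argv) unchanged.
    """
    out = subprocess.run(argv, capture_output=True, text=True, timeout=10)
    return out.stdout.splitlines()

def demo():
    branch = "feature/x; echo INJECTED"  # constructed hostile branch name
    prompt = "fix the 'login' bug"       # constructed agent prompt
    with tempfile.TemporaryDirectory() as worktree:
        return {
            "interpolated": run_lines(interpolated_argv(worktree, branch, prompt)),
            "positional": run_lines(positional_argv(worktree, branch, prompt)),
            "quoted": run_lines(quoted_argv(worktree, branch, prompt)),
        }

if __name__ == "__main__":
    for name, lines in demo().items():
        print(name, lines)
```

In the interpolated form the text after `;` in the branch name runs as a second command; in the other two forms the branch name and prompt come back byte-for-byte as data.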