1. Hook Installer Exposes Unescaped TOTEM_CMD Interpolation — Shell Injection Surface Identified in CLI Package
A security audit has flagged a fragile interpolation pattern in the hook installation mechanism of the CLI package that, if left unaddressed, could enable shell injection. The file `packages/cli/src/commands/install-hooks.ts` writes a generated shell script where the `fallbackCmd` variable is substituted directly into ...