tools/automation/ollama-delegate.sh uses source .env which executes arbitrary shell code, not just variable assignments. A malicious or malformed .env could run unintended commands.
What to do:
- Replace
source .env with a parser that only reads KEY=VALUE lines
- Or validate
.env content before sourcing (reject lines with backticks, $(), etc.)
Files: tools/automation/ollama-delegate.sh
tools/automation/ollama-delegate.shusessource .envwhich executes arbitrary shell code, not just variable assignments. A malicious or malformed.envcould run unintended commands.What to do:
source .envwith a parser that only readsKEY=VALUElines.envcontent before sourcing (reject lines with backticks,$(), etc.)Files:
tools/automation/ollama-delegate.sh