Summary
design-consultation/SKILL.md.tmpl uses eval to capture output from gstack-slug:
eval $(~/.claude/skills/gstack/bin/gstack-slug 2>/dev/null)
gstack-slug derives its values from git remote get-url origin and git rev-parse --abbrev-ref HEAD in the current working directory. The pipeline (sed + tr '/' '-') does not strip shell metacharacters such as ;, $(), backticks or |. If any of those appear in the remote URL or branch name, eval executes them as shell commands.
Actual risk: low
GitHub- and GitLab-hosted repos are safe in that both platforms enforce alphanumeric-only naming for orgs, repos, and branches, so their remote URLs can never contain shell metacharacters. The risk only applies if a user runs /design-consultation in a repo cloned from a self-hosted git server with lax naming rules, or in a local repo with a crafted branch name.
Suggested fix
Flagging this for the maintainer to address as they see fit. The core issue is that eval executes whatever gstack-slug outputs, and nothing in gstack-slug's pipeline strips shell metacharacters from the git remote URL or branch name before that output reaches eval.
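The check a hardened slug helper would apply, as an added example that is not gstack's own code: it approximates the sed + tr slugging described above and emits assignments only when every value matches a strict allowlist, so the caller's eval can never see a metacharacter. The exact slugging rules and the sample remote/branch values are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not gstack's own code: a slug helper whose output is safe
# to consume. Slugging rules and sample values below are assumptions.

# Approximate the sed + tr '/' '-' pipeline from the report (hypothetical
# details): drop a .git suffix and the host part, then turn '/' into '-'.
slugify() {
    printf '%s' "$1" | sed -e 's#\.git$##' -e 's#^[^:]*:##' -e 's#^//[^/]*/##' | tr '/' '-'
}

# Allowlist check: a slug may contain only letters, digits, '.', '_' and '-'.
# Anything else (';', '$(', backticks, '|', whitespace, ...) is rejected.
is_safe_slug() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Emit KEY=VALUE lines only when every value passes the allowlist. On failure
# print nothing and return 1, so `eval "$(emit_slugs ...)"` becomes a no-op
# instead of running whatever was embedded in the remote URL or branch name.
emit_slugs() {
    local repo branch
    repo=$(slugify "$1")
    branch=$(slugify "$2")
    is_safe_slug "$repo" && is_safe_slug "$branch" || return 1
    printf 'REPO_SLUG=%s\nBRANCH_SLUG=%s\n' "$repo" "$branch"
}

# Constructed sample inputs (not taken from any real repository). The bad
# branch name carries only bare metacharacters, no meaningful command.
SAFE_REMOTE='git@github.com:example-org/example-repo.git'
SAFE_BRANCH='feature/login-form'
BAD_BRANCH='feature/a;b|c`d`'

demo() {
    local out
    if out=$(emit_slugs "$SAFE_REMOTE" "$SAFE_BRANCH"); then
        eval "$out"   # safe here: both values passed is_safe_slug
        echo "repo=$REPO_SLUG branch=$BRANCH_SLUG"
    fi
    emit_slugs "$SAFE_REMOTE" "$BAD_BRANCH" ||
        echo "refused: slug contains characters outside the allowlist"
}
demo
```

The same allowlist can be applied on the consuming side as well, so a caller that must still eval the output of an external helper rejects anything outside [A-Za-z0-9._-] before evaluating it.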