security: [HIGH] Command injection via heredoc in growth.sh curl POST #3191
Open
Labels: in-progress (Issue is being actively worked on), safe-to-work (Security triage: safe for automated processing), security (Security vulnerabilities and concerns)
Description
File: .claude/skills/setup-agent-team/growth.sh
Lines: 180-185
Finding: The ${CANDIDATE_JSON} variable (populated from Claude AI output via sed) is passed to curl via heredoc (<<< "${CANDIDATE_JSON}"), which undergoes shell variable expansion. If the AI output contains shell metacharacters (``, $(...), ${...}), they will be evaluated before being piped to curl.
Code:
HTTP_STATUS=$(curl -s -o /dev/null -w "%{http_code}" \
    -X POST "${SPA_TRIGGER_URL}/candidate" \
    -H "Authorization: Bearer ${SPA_TRIGGER_SECRET}" \
    -H "Content-Type: application/json" \
    --data-binary @- <<< "${CANDIDATE_JSON}" \
    --max-time 30) || HTTP_STATUS="000"

Impact: If an attacker can influence Claude's json:candidate output to include backticks or command substitution syntax, they could achieve arbitrary command execution in the growth.sh process.
Recommendation: Use a temp file instead of heredoc to avoid shell expansion:
_candidate_file=$(mktemp /tmp/candidate-XXXXXX.json)
chmod 0600 "${_candidate_file}"
printf '%s' "${CANDIDATE_JSON}" > "${_candidate_file}"
HTTP_STATUS=$(curl -s -o /dev/null -w "%{http_code}" \
    -X POST "${SPA_TRIGGER_URL}/candidate" \
    -H "Authorization: Bearer ${SPA_TRIGGER_SECRET}" \
    -H "Content-Type: application/json" \
    --data-binary @"${_candidate_file}" \
    --max-time 30) || HTTP_STATUS="000"
rm -f "${_candidate_file}"

-- security/shell-scanner
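
A regression check for the temp-file approach recommended above, added here as an example; it is not code from growth.sh or from the scanner's report. The function names and the marker path are hypothetical, and the payload is constructed for the check.

```shell
# Added example: helper names are hypothetical, not taken from growth.sh.

# Write untrusted text to a private temp file byte-for-byte and print its path.
# printf '%s' passes the payload as an argument, never as a format string.
write_candidate_payload() {
    local payload="$1" file
    [ -n "${payload}" ] || return 1
    # mktemp creates the file with mode 0600; trailing X's are portable.
    file=$(mktemp "${TMPDIR:-/tmp}/candidate-XXXXXX") || return 1
    printf '%s' "${payload}" > "${file}" || { rm -f "${file}"; return 1; }
    printf '%s\n' "${file}"
}

# POST the file; the payload never appears in a command line or here-string.
post_candidate() {
    local file="$1" status
    status=$(curl -s -o /dev/null -w "%{http_code}" \
        -X POST "${SPA_TRIGGER_URL}/candidate" \
        -H "Authorization: Bearer ${SPA_TRIGGER_SECRET}" \
        -H "Content-Type: application/json" \
        --data-binary @"${file}" \
        --max-time 30) || status="000"
    printf '%s\n' "${status}"
}

# Regression check: a constructed payload full of shell metacharacters must
# reach the file unchanged, and the marker file it names must not be created.
check_payload_is_inert() {
    local marker payload file rc=0
    marker="${TMPDIR:-/tmp}/growth-injection-marker.$$"
    rm -f "${marker}"
    payload='{"note":"$(touch '"${marker}"') `touch '"${marker}"'` ${HOME}"}'
    file=$(write_candidate_payload "${payload}") || return 1
    [ "$(cat "${file}")" = "${payload}" ] || rc=1   # bytes unchanged
    [ ! -e "${marker}" ] || rc=1                    # nothing was executed
    rm -f "${file}" "${marker}"
    return "${rc}"
}
```

Running `check_payload_is_inert` in CI after any change to the POST path catches a regression where the model output is evaluated instead of being sent as data.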