Command injection vulnerability
User supplied input is not properly sanitized for #{user} and #{password} in the create_user helper method. This can lead to command injection if this gem is used in the context of a RoR application. The password is also exposed to the process table listing and its hash is also going to have the same salt every time.