Shell Metacharacter Injection Arbitrary Command Execution
The library passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to cd and git clone commands in the library.