Advisories for PyPI/Confire package

2017

Command Injection

Because the user-specific configuration is loaded from ~/.confire.yaml with the yaml.load function, the YAML parser can instantiate arbitrary Python objects and execute arbitrary Python code, resulting in command execution. An attacker who can insert Python object tags into the loaded YAML can trigger this vulnerability.
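As an added example (not confire's own code), the loader pattern the advisory describes beside a hardened version that pre-screens for `!!python/` tags and then parses with PyYAML's SafeLoader. It assumes PyYAML is installed; the function names and the two sample YAML documents are constructed for this example.

```python
"""Hardened loading of the user config ~/.confire.yaml (added example, not confire's code).

Assumes PyYAML is installed; function names and the two sample documents are constructed.
"""
import os
import re

import yaml

USER_CONFIG = os.path.expanduser("~/.confire.yaml")

# Explicit tags that make PyYAML reach into the interpreter (e.g. "!!python/..."):
# plain configuration data never needs them, so their presence is a red flag.
PYTHON_TAG = re.compile(r"!!python/")

# Constructed sample documents (not taken from the advisory).
SAFE_CONFIG = "debug: true\ndatabase:\n  host: localhost\n  port: 5432\n"
TAINTED_CONFIG = "debug: true\nhook: !!python/name:builtins.len\n"


def find_python_tags(text):
    """Return the 1-based line numbers that carry a !!python/ tag (cheap pre-check)."""
    return [n for n, line in enumerate(text.splitlines(), 1) if PYTHON_TAG.search(line)]


def load_config_vulnerable(text):
    """The pattern the advisory describes: the full Loader honours python tags, so
    whoever can write the file can make the parser build arbitrary Python objects."""
    return yaml.load(text, Loader=yaml.Loader)


def load_config(text):
    """Hardened form: refuse python tags up front, then parse with SafeLoader, which
    only builds str/int/float/bool/list/dict and rejects any unknown tag."""
    tagged = find_python_tags(text)
    if tagged:
        raise ValueError("refusing config: !!python/ tag on line(s) %s" % tagged)
    return yaml.safe_load(text)


def safe_loader_rejects(text):
    """True when yaml.safe_load itself refuses the document (defence in depth)."""
    try:
        yaml.safe_load(text)
    except yaml.YAMLError:
        return True
    return False


def load_user_config(path=USER_CONFIG):
    """Load the per-user file the hardened way; a missing file yields an empty dict."""
    if not os.path.exists(path):
        return {}
    with open(path) as fh:
        return load_config(fh.read())
```

Note that `yaml.safe_load` alone already rejects the tagged document; the regex pre-check only adds a readable error that names the offending line.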