Garry Tan 6d2d10c125 fix: validate repo mode values to prevent shell injection ...

Codex adversarial review found that unvalidated config/cache values
could be injected into shell via source <(gstack-repo-mode). Added
validate_mode() that only allows solo|collaborative|unknown — anything
else becomes "unknown". Prevents persistent code execution through
malicious config.yaml or tampered cache JSON.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-20 12:47:43 -07:00

2.5 KiB

Executable File

Raw Blame History

View Raw