command_injection_test
Warn
Audited by Socket on Feb 26, 2026
1 alert found:
Category: Security
Severity: MEDIUM
File: TOOL.py
The module contains multiple high-severity insecure coding patterns: command injection risks via subprocess.run(..., shell=True) and os.system(f"cat (unknown)"), and direct arbitrary code execution via exec(open(script_path).read()). These allow full code execution and data disclosure if inputs are attacker-controlled. Fixes: avoid shell=True and string interpolation, use subprocess with argument lists or direct file I/O, and never exec file contents from untrusted sources; validate and sandbox inputs. The syntax error in run_user_script should be corrected, but correcting it only restores the dangerous functionality.
Confidence: 80%
Severity: 85%