orchestrate
Warn
Audited by Socket on May 7, 2026
1 alert found:
Security alert (MEDIUM): scripts/measurements.ts
No clear evidence of intentionally malicious/stealth behavior (no exfiltration, persistence, or credential theft visible). However, the module is security-critical because it ingests attacker-controlled repositories (unvalidated repoUrl/branch) and executes attacker-influenced shell text via `bash -c` (arbitrary command execution). Dynamic regex construction from untrusted configuration adds potential ReDoS/DoS risk. If any of repoUrl/branch/command/parser are not tightly controlled, this code materially elevates the likelihood of supply-chain compromise.
Confidence: 72%
Severity: 82%
Audit Metadata