sop-runner-v2

No direct indicators of concealed malware (no obfuscated payloads, no network exfiltration code, no hardcoded credentials) in this fragment. However, the module intentionally executes arbitrary shell commands defined on disk and forwards environment/vars to child processes and audit logs without redaction. If SOP content, CLI vars, or environment variables are untrusted or writable by an attacker, this component permits remote command execution and persistent leakage of secrets. Treat this code as high-risk when SOP files or inputs are not strictly controlled: enforce strict filesystem permissions, validate/whitelist step commands, avoid passing secrets via vars/env, redact sensitive fields in audit logs, and consider sandboxing or restricting execution privileges.