C1 Staging Codex R2 — Injection Review
04 — INJECTION AND SHELL SAFETY REVIEW
Result
R1 shell injection issue is fixed.
stg_run_sql_file invokes:
docker exec "$PG_CONTAINER" psql -U "$(stg_pg_user)" -v ON_ERROR_STOP=1 "$@" -d "$db" -f "$rmt"
User values remain argv elements and psql variables; no shell reparses them. The sandbox ID is constrained to a strict digits/underscore format, and SQL identifier and literal use is guarded. The TTL is syntactically constrained. Grep found no executable eval, sh -c, sh -lc, bash -c, or $*.
Residual helper correctness issue
rmt="$(stg_remote_mktemp)" runs the function in a subshell, so its STG_REMOTE_TMPS+=("$p") mutation never reaches the parent shell's registry. The immediate rm normally succeeds, but an early docker-cp or psql failure can leak the container temp file despite the claimed EXIT trap, which then has nothing registered to remove. Fix with an output-variable API (for example stg_remote_mktemp rmt) or a local per-call trap.
This is not command injection, but it invalidates the advertised guaranteed cleanup.
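Added, constructed demonstration of the subshell issue and both suggested fixes (not the review's or the project's code): a local scratch directory stands in for the container, no docker or psql is run, and the stg_* names, the string-valued registry and the STG_REMOTE_MKTEMP_OUT result variable are assumptions modelled on the helper described above rather than its real implementation.

```bash
#!/usr/bin/env bash
# Constructed demo of the $(...) subshell bug in a mktemp-style helper and two fixes.
# A local scratch directory stands in for the container; no docker/psql involved.
# Function names mirror the review's stg_* helpers but are assumptions, not the real code.

SCRATCH=$(mktemp -d)
trap 'rm -rf "$SCRATCH"' EXIT      # tidy the scratch dir itself when this script ends
STG_REMOTE_TMPS=""                 # registry of temp paths, space separated (no spaces in paths)

# Buggy shape: the path comes back on stdout, so callers write rmt=$(...).
# That runs the function in a subshell, and the registry append dies with it.
stg_remote_mktemp_buggy() {
    p=$(mktemp "$SCRATCH/stg.XXXXXX")
    STG_REMOTE_TMPS="$STG_REMOTE_TMPS $p"
    printf '%s\n' "$p"
}

# Fixed shape: return the path through a variable instead of stdout, so the
# caller runs the function in its own shell and the registry update survives.
stg_remote_mktemp() {
    STG_REMOTE_MKTEMP_OUT=$(mktemp "$SCRATCH/stg.XXXXXX")
    STG_REMOTE_TMPS="$STG_REMOTE_TMPS $STG_REMOTE_MKTEMP_OUT"
}

# What the advertised EXIT trap does: remove everything in the registry.
stg_cleanup_registry() {
    for f in $STG_REMOTE_TMPS; do rm -f "$f"; done
    STG_REMOTE_TMPS=""
}

# Number of temp files still present in the stand-in container filesystem.
stg_leaked_count() { find "$SCRATCH" -type f | wc -l | tr -d ' '; }

# Scenario 1: buggy helper, then an early failure before the immediate rm.
# Expected: registry is empty in the parent shell, so the trap removes nothing -> 1 leaked.
demo_buggy_leaked() {
    STG_REMOTE_TMPS=""
    rmt=$(stg_remote_mktemp_buggy)       # append happened in a subshell and is gone
    # (docker cp / psql would fail here, so the immediate rm "$rmt" is never reached)
    stg_cleanup_registry                 # simulate the EXIT trap firing
    leaked=$(stg_leaked_count)
    rm -f "$rmt"                         # reset the scratch dir for the next scenario
    echo "$leaked"
}

# Scenario 2: output-variable helper under the same early failure.
# Expected: registry still holds the path, the trap removes it -> 0 leaked.
demo_fixed_leaked() {
    STG_REMOTE_TMPS=""
    stg_remote_mktemp                    # runs in this shell; registry append persists
    rmt=$STG_REMOTE_MKTEMP_OUT           # the caller's copy of the path
    stg_cleanup_registry
    stg_leaked_count
}

# Scenario 3: alternative fix, a per-call trap scoped to a subshell around the
# whole copy-and-run unit, so no global registry is needed at all.
demo_subshell_trap_leaked() {
    (
        p=$(mktemp "$SCRATCH/stg.XXXXXX")
        trap 'rm -f "$p"' EXIT           # only this subshell's EXIT; fires on any exit path
        cp /nonexistent/file "$p" 2>/dev/null || exit 1   # stand-in for docker cp failing
        rm -f "$p"                       # normal path, never reached here
    ) || :
    stg_leaked_count
}

echo "buggy helper leaked:           $(demo_buggy_leaked)"
echo "output-variable helper leaked: $(demo_fixed_leaked)"
echo "per-call subshell trap leaked: $(demo_subshell_trap_leaked)"
```

The registry is a plain string here so the script also runs under a POSIX sh; with bash arrays the behaviour is identical, because what is lost is the whole subshell, not any particular variable type. Scenario 3 is the cheaper fix when the helper is only ever used for one copy-and-run unit; the output-variable shape is the one to keep if the global registry and single EXIT trap are meant to stay.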