[BUG] Shell Command Injection in Python Install Hooks

### Project

vgrep

### Description

In `install.rs` lines 383 and 406, Python hook files are generated with paths embedded directly using `format!()`. If the path contains quotes or shell metacharacters, the Python `subprocess` call could execute arbitrary commands.

### Error Message

```shell

```

### Debug Logs

```shell

```

### System Information

```shell
Bounty Version: 0.1.0
OS: Ubuntu 24.04 LTS
CPU: AMD EPYC-Genoa Processor (8 cores)
RAM: 15 GB
```

### Screenshots

_No response_

### Steps to Reproduce

1. Create Factory Droid directory at a path with special chars: `~/.factory' && rm -rf / #/`
2. Run `vgrep install droid`
3. Malicious Python hooks are generated
4. When hooks execute, arbitrary commands run

### Expected Behavior

Paths properly escaped for shell execution

### Actual Behavior

Paths embedded raw, allowing injection

### Additional Context

_No response_

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[BUG] Shell Command Injection in Python Install Hooks #189

Project

Description

Error Message

Debug Logs

System Information

Screenshots

Steps to Reproduce

Expected Behavior

Actual Behavior

Additional Context

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

[BUG] Shell Command Injection in Python Install Hooks #189

Description

Project

Description

Error Message

Debug Logs

System Information

Screenshots

Steps to Reproduce

Expected Behavior

Actual Behavior

Additional Context

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions