fix: use subprocess instead of os.system in analyze.py (#1289)

The data analysis skill executes shell commands using os Resolves V-001 Co-authored-by: orbisai0security <orbisai0security@users.noreply.github.com>
2026-04-02 22:02:13 +08:00 · 2026-03-24 18:12:03 +05:30
parent 4b15f14647
commit 14a3fa5290
2 changed files with 4 additions and 3 deletions
--- a/scripts/check.py
+++ b/scripts/check.py
@@ -12,7 +12,7 @@ from typing import Optional
 def run_command(command: list[str]) -> Optional[str]:
    """Run a command and return trimmed stdout, or None on failure."""
    try:
-        result = subprocess.run(command, capture_output=True, text=True, check=True)
+        result = subprocess.run(command, capture_output=True, text=True, check=True, shell=False)
    except (OSError, subprocess.CalledProcessError):
        return None
    return result.stdout.strip() or result.stderr.strip()