fix: sanitize subprocess call in ssh-agent.py

The SSH proxy scripts pass command-line arguments directly to subprocess

plugins/shell-proxy/ssh-agent.py

@@ -13,4 +13,20 @@ argv = [
     "Compression=yes",
 ]
 
-subprocess.call(argv + sys.argv[1:], env=os.environ)
+
+def _validate_args(args):
+    """Validate arguments to prevent command injection attacks.
+
+    Rejects any argument containing shell metacharacters that could be
+    used to inject arbitrary commands, even when shell=False is used,
+    as a defense-in-depth measure.
+    """
+    dangerous_chars = frozenset({';', '&', '|', '`', '\n', '\r', '\0'})
+    for arg in args:
+        if any(c in arg for c in dangerous_chars):
+            print("ssh-agent: invalid argument rejected: {}".format(arg), file=sys.stderr)
+            sys.exit(1)
+    return list(args)
+
+
+subprocess.call(argv + _validate_args(sys.argv[1:]), env=os.environ, shell=False)