Merge PR #237: sanitize gstack-slug output against shell injection

bin/gstack-slug

@@ -1,9 +1,15 @@
 #!/usr/bin/env bash
 # gstack-slug — output project slug and sanitized branch name
-# Usage: source <(gstack-slug)  → sets SLUG and BRANCH variables
-# Or:    gstack-slug           → prints SLUG=... and BRANCH=... lines
+# Usage: eval $(gstack-slug)  → sets SLUG and BRANCH variables
+# Or:    gstack-slug          → prints SLUG=... and BRANCH=... lines
+#
+# Security: output is sanitized to [a-zA-Z0-9._-] only, preventing
+# shell injection when consumed via eval $(gstack-slug).
 set -euo pipefail
-SLUG=$(git remote get-url origin 2>/dev/null | sed 's|.*[:/]\([^/]*/[^/]*\)\.git$|\1|;s|.*[:/]\([^/]*/[^/]*\)$|\1|' | tr '/' '-')
-BRANCH=$(git rev-parse --abbrev-ref HEAD 2>/dev/null | tr '/' '-')
+RAW_SLUG=$(git remote get-url origin 2>/dev/null | sed 's|.*[:/]\([^/]*/[^/]*\)\.git$|\1|;s|.*[:/]\([^/]*/[^/]*\)$|\1|' | tr '/' '-')
+RAW_BRANCH=$(git rev-parse --abbrev-ref HEAD 2>/dev/null | tr '/' '-')
+# Strip any characters that aren't alphanumeric, dot, hyphen, or underscore
+SLUG=$(printf '%s' "$RAW_SLUG" | tr -cd 'a-zA-Z0-9._-')
+BRANCH=$(printf '%s' "$RAW_BRANCH" | tr -cd 'a-zA-Z0-9._-')
 echo "SLUG=$SLUG"
 echo "BRANCH=$BRANCH"