From 30bf2ac8990678cbd7c32d4879aae577c7007118 Mon Sep 17 00:00:00 2001 From: Shreyansh Kushwaha Date: Thu, 2 Apr 2026 00:10:13 +0530 Subject: [PATCH] Update cli.md --- docs/cli.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/cli.md b/docs/cli.md index efcb80cf6b..97e1e10bf9 100644 --- a/docs/cli.md +++ b/docs/cli.md @@ -177,6 +177,10 @@ steps: ZX_VERBOSE: true ZX_SHELL: '/bin/bash' ``` +> [!WARNING] +> **Security Note:** Environment variables like `ZX_PREFIX`, `ZX_POSTFIX`, and `ZX_SHELL` are injected globally into *every* command executed via the `$` template tag without sanitization. If you are using `zx` in shared environments or CI/CD pipelines, be aware that untrusted parties who can set environment variables can implicitly execute arbitrary shell commands. + + ## `__filename & __dirname`
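
Review bot: The added `[!WARNING]` block states the risk but gives the reader nothing to act on, and "Environment variables like `ZX_PREFIX`, `ZX_POSTFIX`, and `ZX_SHELL`" leaves open whether those three are the full set. Suggest listing exactly which `ZX_*` variables change how `$` runs commands, and adding one sentence on what to do about it, for example pinning them explicitly in the job's environment as the YAML just above does with `ZX_SHELL: '/bin/bash'`, so values inherited from the runner are not picked up. The phrase "injected globally into every command" also covers `ZX_SHELL` together with the prefix and postfix variables; if `ZX_SHELL` selects the shell rather than being added to the command text, say so separately. Formatting: the `> [!WARNING]` line starts directly after the closing code fence, so add a blank line between them, and keep one blank line before the `__filename & __dirname` heading instead of the two added here.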