AntiPattern
Shell Command Injection via Formatting
shell-command-injection-via-string-formatting
User-controlled values get embedded into shell command strings (via sprintf/printf-style formatting) and then executed through sh -c/popen/execvp or bash command hooks, bypassing restricted-mode checks; the stake is arbitrary command execution.