
#17724: zalouser: fix potential argument injection in tool execution

by RinZ27, open, 2026-02-16 03:55
channel: zalouser size: S
## Summary

- Problem: zalouser extension passes user-controlled strings directly as positional arguments to the `zca` binary.
- Why it matters: If these values are manipulated (e.g., via prompt injection) to start with a hyphen, they could be interpreted as CLI flags by zca, potentially leading to unauthorized profile access or local filesystem interactions.
- What changed: Added a validation helper in `executeZalouserTool` that rejects critical parameters (threadId, query, profile, url) if they start with a hyphen.
- What did NOT change: The core logic of how `zca` is called remains identical for standard inputs.

## Change Type

- [x] Security hardening

## Scope

- [x] Integrations

## User-visible / Behavior Changes

None. Standard Zalo IDs and queries do not typically start with hyphens.

## Security Impact

- Command/tool execution surface changed? (`Yes`)
- Risk + Mitigation: Hardened the argument passing to the `zca` CLI by preventing flag injection via positional arguments.

## Repro + Verification

### Steps

1. AI calls `zalouser(action="friends", query="--profile=/tmp/stolen-token")`.
2. System attempts to execute `zca friend find --profile=/tmp/stolen-token`.

### Expected

Tool execution should fail with a validation error.

### Actual

Tool execution fails with: `Invalid query: cannot start with a hyphen (potential argument injection)`.

## Human Verification

Verified logic via new test suite `security.test.ts`. I also considered using the `--` separator, but simple validation is safer given `zca` is an external dependency with an unofficial API.

### Greptile Summary

Adds validation to prevent argument injection in the zalouser extension by rejecting user-controlled parameters (`threadId`, `query`, `profile`, `url`) that start with hyphens before passing them to the `zca` CLI.

**Key changes:**

- Introduced `validate()` helper function that throws an error if a parameter starts with `-`
- Applied validation to `threadId`, `query`, `profile`, and `url` parameters
- Added comprehensive test suite (`security.test.ts`) covering all validated parameters
- `message` parameter intentionally not validated to allow legitimate hyphen-prefixed content

**Note:** The `message` parameter (used in `send` and `image` actions) is not validated. While this appears intentional to allow users to send messages starting with hyphens, there's a theoretical risk in the `send` action where `message` is used as the 4th positional argument. The author considered using `--` separator but opted for selective validation instead.

### Confidence Score: 4/5

- This PR is safe to merge with minimal risk - it adds important security hardening against argument injection
- Score reflects solid security improvement with comprehensive tests. Minor concern about `message` parameter not being validated, but this appears to be an intentional design decision to allow legitimate hyphen-prefixed messages. The fix successfully prevents the most dangerous injection vectors (profile switching, query manipulation).
- Review the comment on `tool.ts:76` regarding `message` parameter handling to confirm the intentional exclusion from validation aligns with security requirements

Last reviewed commit: 6be55d8
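As an added example (not the PR's or the extension's own code), the hyphen check this PR describes reconstructed in TypeScript, showing where it sits when the `zca` argv is assembled; `validateParams`, `buildZcaArgs`, `VALIDATED_PARAMS` and the `msg send` subcommand are assumed names, while `friend find` and the error text come from the PR itself.

```typescript
// Added example, not the PR's own code: reconstructs the hyphen check described
// in #17724 and shows where it sits in argv construction for the `zca` CLI.
// Assumed names: VALIDATED_PARAMS, validateParams, buildZcaArgs, ZalouserParams.
// Subcommands other than `friend find` (from the PR's repro) are placeholders.

interface ZalouserParams {
  action: "friends" | "send";
  query?: string;
  threadId?: string;
  profile?: string;
  url?: string;
  message?: string; // deliberately left unvalidated, as in the PR
}

// The four parameters the PR guards. `message` is absent on purpose so that
// legitimate text such as "-1 for that idea" can still be sent.
const VALIDATED_PARAMS = ["threadId", "query", "profile", "url"] as const;

// Throws with the error text quoted in the PR if any guarded parameter that is
// present begins with a hyphen; returns the params unchanged otherwise.
function validateParams(p: ZalouserParams): ZalouserParams {
  for (const name of VALIDATED_PARAMS) {
    const value = p[name];
    if (typeof value === "string" && value.startsWith("-")) {
      throw new Error(
        `Invalid ${name}: cannot start with a hyphen (potential argument injection)`,
      );
    }
  }
  return p;
}

// Builds the argv array that would be handed to execFile("zca", argv). No
// shell is involved, so quoting is not the issue: the only way user input can
// change meaning is if zca's own parser reads a positional as an option.
function buildZcaArgs(raw: ZalouserParams): string[] {
  const p = validateParams(raw);
  if (p.action === "friends") {
    return ["friend", "find", p.query ?? ""];
  }
  // threadId is the 3rd and message the 4th positional, matching the layout
  // the review comment describes; "msg send" itself is a placeholder.
  return ["msg", "send", p.threadId ?? "", p.message ?? ""];
}
```

Inserting `--` before the positionals would extend the same protection to `message`, but only if zca's parser honors the end-of-options marker, which is exactly the uncertainty the author cites for an unofficial CLI.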
