
#8515: Lobster: disable Windows shell fallback

by coygeek open 2026-02-04 03:25
extensions: lobster
## Fix Summary

On Windows, the `lobster` tool retries failed spawns with `shell: true` and passes user-controlled `pipeline`, `argsJson`, or `token` directly into the argv list. When the fallback path is triggered (common when `lobster` is a `.cmd` wrapper), `cmd.exe` interprets metacharacters (e.g., `&`, `|`) allowing command injection and arbitrary code execution as the gateway user.

Fixes #8514

## Issue Linkage

Fixes #8514

## Security Snapshot

- CVSS v3.1: 9.9 (Critical)
- CVSS v4.0: 9.4 (Critical)

## Implementation Details

### Files Changed

- `extensions/lobster/src/lobster-tool.test.ts` (+51/-19)
- `extensions/lobster/src/lobster-tool.ts` (+21/-18)

### Technical Analysis

On Windows, the `lobster` tool retries failed spawns with `shell: true` and passes user-controlled `pipeline`, `argsJson`, or `token` directly into the argv list. When the fallback path is triggered (common when `lobster` is a `.cmd` wrapper), `cmd.exe` interprets metacharacters (e.g., `&`, `|`) allowing command injection and arbitrary code execution as the gateway user.

## Validation Evidence

- Command: `lobster`
- Status: failed

## Risk and Compatibility

non-breaking; compatibility impact was not explicitly documented in the original PR body.

## AI-Assisted Disclosure

AI-assisted: Codex CLI

This fix was generated with AI assistance (Codex CLI).

<details>
<summary>Prompt and Log Snippets (truncated)</summary>

_No prompt captured._

_No generation logs captured._

</details>

## Greptile Overview

### Greptile Summary

This PR removes the Windows “retry with `shell: true`” spawn fallback for the lobster tool and tightens `lobsterPath` validation to only allow `lobster.exe` on Windows. The goal is to prevent command injection when user-controlled arguments are passed to a shell fallback (especially when lobster is provided via `.cmd`/PATHEXT wrappers).

Tests were updated to assert Windows now errors (asking for an absolute `lobster.exe` path) where previously PATH `.cmd` wrappers would work.

### Confidence Score: 4/5

- This PR is generally safe to merge and meaningfully reduces a Windows command-injection risk surface.
- The change is localized (spawn options and Windows-specific fallback/validation) and tests were adjusted accordingly. Main residual concern is error handling: mapping broad Windows spawn errors to a single “not found” message can obscure genuine failures and complicate debugging.
- extensions/lobster/src/lobster-tool.ts (Windows error mapping in runLobsterSubprocess)
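
The hardening described in this PR, shown as an added TypeScript example that is not the project's own code: it contrasts what a `shell: true` spawn hands to `cmd.exe` with a shell-free spawn plan that accepts only an absolute `lobster.exe` path on Windows. The function names, the sample path `C:\tools\lobster.exe`, the sample pipeline value and the pass-through on non-Windows platforms are assumptions made for illustration.

```typescript
// Added example. All function names here are hypothetical, not the project's own.
type SpawnPlan = { file: string; args: string[]; options: { shell: false; windowsHide: true } };

// What a `shell: true` spawn hands to cmd.exe: Node joins file and args with
// spaces into one command string, so argv boundaries are lost and cmd.exe
// parses metacharacters such as & and | inside user-controlled values.
function shellCommandLine(file: string, args: string[]): string {
  return [file, ...args].join(" ");
}

// Basename after the last "\" or "/", so Windows paths can be checked on any host.
function winBasename(p: string): string {
  return p.slice(Math.max(p.lastIndexOf("\\"), p.lastIndexOf("/")) + 1);
}

// Drive-letter absolute path (C:\...) or UNC path (\\server\share\...).
function isWinAbsolute(p: string): boolean {
  return /^[A-Za-z]:[\\/]/.test(p) || /^\\\\[^\\/]+[\\/][^\\/]+/.test(p);
}

// On Windows accept only an absolute path to lobster.exe. A bare name or a
// .cmd/.bat wrapper would need cmd.exe to run, which is the path being closed.
function resolveLobsterPath(lobsterPath: string, platform: string): string {
  if (platform !== "win32") return lobsterPath; // assumption: other platforms unchanged
  if (!isWinAbsolute(lobsterPath) || winBasename(lobsterPath).toLowerCase() !== "lobster.exe") {
    throw new Error("lobsterPath must be an absolute path to lobster.exe on Windows");
  }
  return lobsterPath;
}

// Build arguments for child_process.spawn(file, args, options) with the shell
// always off; a failed spawn is reported to the caller, never retried via a shell.
function buildSpawnPlan(lobsterPath: string, platform: string, userArgs: string[]): SpawnPlan {
  return {
    file: resolveLobsterPath(lobsterPath, platform),
    args: [...userArgs], // each user value stays one argv element, verbatim
    options: { shell: false, windowsHide: true },
  };
}

// Constructed sample input: a pipeline value containing a cmd.exe metacharacter.
const samplePipeline = "step1 & echo INJECTED";
const plan = buildSpawnPlan("C:\\tools\\lobster.exe", "win32", [samplePipeline]);
console.log(plan.args.length, JSON.stringify(shellCommandLine("lobster", [samplePipeline])));
```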
