fix(e2e): fix _stage_prompt_remotely to embed prompt inline instead of stdin pipe (#2897)

The stdin piping approach was broken: _hetzner_exec runs remote commands via
"printf '%s' 'ENCODED_CMD' | base64 -d | bash", which connects bash's stdin to
the base64 pipe rather than SSH's outer stdin. So `cat > /tmp/.e2e-prompt` read
from EOF — the encoded prompt was never written to the remote file.

Fix: embed the validated base64 prompt directly in the command string using
printf. This is safe because _validate_base64 ensures the prompt contains only
[A-Za-z0-9+/=] — no characters that can break out of single quotes or inject
shell metacharacters.

Co-authored-by: spawn-qa-bot <qa@openrouter.ai>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: L <6723574+louisgv@users.noreply.github.com>
A 2026-03-22 22:19:51 -07:00 committed by GitHub
parent e7e3b327a1
commit 9448cb8ca0
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -54,10 +54,15 @@ _validate_base64() {
_stage_prompt_remotely() {
local app="$1"
local encoded_prompt="$2"
# Pipe the encoded prompt via stdin to cloud_exec, which writes it to a
# temp file on the remote side. The prompt data never appears in the
# command string, so there is zero injection surface.
printf '%s' "${encoded_prompt}" | cloud_exec "${app}" "cat > /tmp/.e2e-prompt"
# Write the base64-encoded prompt to a remote temp file.
# The encoded_prompt is validated to contain only [A-Za-z0-9+/=] characters
# (by _validate_base64), so embedding it in a printf command is safe — it
# cannot break out of single quotes or inject shell metacharacters.
# We do NOT use stdin piping here: _hetzner_exec runs commands via
# "printf ... | base64 -d | bash", which connects bash's stdin to the
# base64 pipe rather than to SSH's outer stdin, so piped data never reaches
# the subcommand.
cloud_exec "${app}" "printf '%s' '${encoded_prompt}' > /tmp/.e2e-prompt"
}
# ---------------------------------------------------------------------------
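Review bot: The new `cloud_exec` line interpolates `${encoded_prompt}` into a single-quoted remote command, but nothing inside `_stage_prompt_remotely` checks the value, so the safety argument in the comment holds only if every caller has already run `_validate_base64`. Enforcing it at the point of use, for example `_validate_base64 "${encoded_prompt}" || return 1` ahead of the `cloud_exec` call, would keep a future caller from turning this into command injection; this assumes the helper takes the string as its first argument and returns non-zero on failure, which the hunk does not show. Because the prompt is now part of the command string, it will also appear in `set -x` traces and any command logging, and very large prompts may hit argument-length limits, so a short comment noting both would help. The fixed path `/tmp/.e2e-prompt` is unchanged by this commit but remains a predictable name on the remote host.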