Koyeb's inject_env_vars used sed escaping that didn't handle single quotes,
allowing API key values containing ' to break out of the shell command string
passed to `koyeb instances exec`. Replace with file-based injection using
generate_env_config + upload_file, matching the safe pattern in shared/common.sh.
Hyperstack goose/gemini/interpreter/codex scripts embedded $OPENROUTER_API_KEY
directly in double-quoted command strings passed to run_server (SSH). Values
containing double quotes, backticks, or $() could execute arbitrary commands
on the remote VM. Replace with inject_env_vars_ssh which writes env vars to a
temp file, uploads via SCP, and appends to shell config without interpolation.
Also hardens Koyeb upload_file to reject remote paths containing shell
metacharacters (', $, `, newline).
Agent: security-auditor
Co-authored-by: A <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
