Product
A command injection vulnerability (GHSA-vv65-f55v-xm6g) exists in Grackle AI's `@grackle-ai/runtime-sdk` and `@grackle-ai/powerline` components, allowing an attacker to achieve remote code execution as the PowerLine user on provisioned environments by injecting commands into unsanitized Git task branch names via the `SpawnSession` RPC.