Double evaluation in .bash_prompt of dotfiles allows a malicious repository to execute arbitrary commands