A deployment script has been flagged for security review. Identify all security vulnerabilities, explain the attack vector for each, and produce a hardened version.

#!/usr/bin/env bash

DEPLOY_ENV=$1
PLUGIN_CMD=$2
WORK_DIR=/tmp/deploy_$DEPLOY_ENV

setup_workspace() {
    mkdir -p $WORK_DIR
    cd $WORK_DIR
}

load_plugin() {
    # Allow operators to provide custom processing commands
    eval $PLUGIN_CMD
}

cleanup() {
    rm -rf /tmp/deploy_$DEPLOY_ENV
    return 0
}

validate() {
    if check_prereqs || true; then
        echo "Validation passed"
        return 0
    fi
}

setup_workspace
load_plugin
cleanup

Your response must:

Identify every security vulnerability with the specific risk (injection type, data loss potential, etc.)
Identify any error-handling anti-patterns
Produce a hardened version of the script
Explain what attack would be possible with the original script for each issue

tile.json

pantheon-ai/bash-script-toolkit

task.md.css-3qkkll{font-size:var(--chakra-font-sizes-sm);font-weight:var(--chakra-font-weights-normal);color:var(--chakra-colors-gray-300);}validator/evals/scenario-3/

Task: Security Review of a Bash Script

task.mdvalidator/evals/scenario-3/