Square Open Source: Unsafe usage of Ruby string interpolation enabling command injection in git-fastclone

While testing git-fastclone for the ext protocol issues in my other report, I looked at the source code and immediately noticed you're using the Cocaine0 library unsafely. Cocaine will protect from command injection but it "only does that for arguments interpolated via run, NOT arguments passed...