4 points
You wouldn’t be hosed on Linux for example. Note that this applies to the arguments to the program, not just the program itself.
In other words if I do run(["echo", untrusted_input])
it would be totally fine on Linux.
-2 points
honestly i wouldn’t trust your linux example at all, what happens with run([“echo”, “&& rm -rf /“])
5 points