security: address remaining code scanning alerts (#253)

src/utils/execFileNoThrow.ts

@@ -50,7 +50,6 @@ type ExecFileWithCwdOptions = {
   maxBuffer?: number
   cwd?: string
   env?: NodeJS.ProcessEnv
-  shell?: boolean | string | undefined
   stdin?: 'ignore' | 'inherit' | 'pipe'
   input?: string
 }
@@ -96,7 +95,6 @@ export function execFileNoThrowWithCwd(
     cwd: finalCwd,
     env: finalEnv,
     maxBuffer,
-    shell,
     stdin: finalStdin,
     input: finalInput,
   }: ExecFileWithCwdOptions = {
@@ -113,7 +111,7 @@ export function execFileNoThrowWithCwd(
       timeout: finalTimeout,
       cwd: finalCwd,
       env: finalEnv,
-      shell,
+      shell: false,
       stdin: finalStdin,
       input: finalInput,
       reject: false, // Don't throw on non-zero exit codes

src/utils/log.ts

@@ -159,7 +159,7 @@ export function logError(error: unknown): void {
   const err = toError(error)
   if (feature('HARD_FAIL') && isHardFailMode()) {
     // biome-ignore lint/suspicious/noConsole:: intentional crash output
-    console.error('[HARD FAIL] logError called:', err.name || 'Error')
+    console.error('[HARD FAIL] logError called')
     // eslint-disable-next-line custom-rules/no-process-exit
     process.exit(1)
   }