security: HTML injection in auth error output

[nathanschram]

Description

In the auth module, subprocess output is inserted into <pre> HTML tags without escaping <, >, and & characters. A crafted error message from a subprocess could inject Telegram HTML entities, potentially altering message formatting or including misleading content.

Affected files

• src/untether/telegram/auth.py:168 (approx)

Impact

Telegram HTML entity injection — could be used for social engineering (e.g. injecting fake "Approved" messages into error output).

Recommended fix

import html
escaped_output = html.escape(subprocess_output)
message = f"<pre>{escaped_output}</pre>"

Severity

MEDIUM — limited to message formatting manipulation.

[nathanschram]

Status update — v0.35.2 session 2026-04-17

Addressed in PR #326 (branch feature/security-bundle-v0.35.2, open on dev).

This issue is one of a bundled security PR covering #195, #196, #197, #199, #200, #201, #202, #203, #204. Per-issue detail in the PR body and in CHANGELOG.md under the ## v0.35.2 (unreleased) heading.

Note: #198 (engine subprocess env allowlist) was deliberately dropped from this bundle and remains open — it's the highest-risk change in the original bundle plan and needs per-engine integration validation as its own PR. See the handover doc for details.

Integration test still needed on dev bot: force a command error path (e.g. invalid plugin config) and confirm the Telegram reply no longer echoes paths/URLs; confirm voice transcription error path still behaves sensibly; confirm /codex-auth against a failing codex still renders safe HTML.