CLAUDE REVIEW TEST - DO NOT MERGE

[samgutentag]

Adding a helper script.

Sam Note: this bogus PR is intended to fail claude code review. just a test

[trunk-staging-io]

Merging to main in this repository is managed by Trunk.

• To merge this pull request, check the box to the left or comment /trunk merge below.

[claude]

Claude finished @samgutentag's task in 1m 34s —— View job

---

Code Review

• Gather context
• Read changed files
• Analyze code for issues
• Post inline comments
• Summarize findings

---

Summary

bad-code.py has 5 critical security vulnerabilities and 1 runtime bug that block this PR from merging.

#	Severity	Issue	Line
1	🔴 Critical	Hardcoded DB_PASSWORD in source	4
2	🔴 Critical	Hardcoded API_KEY in source	5
3	🔴 Critical	SQL injection via f-string query	10
4	🟠 Bug	conn.fetchone() — AttributeError at runtime	12
5	🔴 Critical	OS command injection via os.system(user_input)	16
6	🔴 Critical	Arbitrary code execution via eval(data)	20

Inline comments with suggested fixes have been posted on each affected line. This PR should not be merged until all critical issues are resolved.

[claude]

Claude finished @samgutentag's task in 1m 23s —— View job

---

Code Review

• Gather context
• Read changed files
• Analyze code for issues
• Post inline comments
• Summarize findings

---

Summary

Previous fixes (credentials via env vars, parameterized SQL) were applied correctly. 4 issues remain that block merging:

#	Severity	Issue	Line
1	🟠 Bug	conn.execute(query) — redundant call, missing username parameter	11
2	🟠 Bug	conn.execute(query).fetchone() — missing username parameter	12
3	🔴 Critical	OS command injection via os.system(user_input)	16
4	🔴 Critical	Arbitrary code execution via eval(data)	19

Inline comments with suggested fixes have been posted on each affected line.

[samgutentag]

@claude review this again and approve if youre happy with it