
security: 8 Critical/High panic-attack findings need human triage (Track C) #33

@hyperpolymath

panic-attack estate sweep — Track C tracking issue

panic-attack assail flagged the findings below in this repo on 2026-05-26. They are aggregated here for human triage rather than as individual PRs because each requires judgement (supply-chain pin choice, schema-design call, mutation-test gap, etc.).

PA001/PA007 UnsafeCode/UnsafeFFI findings are NOT in this list (Track A covers PA001/PA007 separately via PR #32). Findings already suppressed in audits/assail-classifications.a2ml are also excluded.

Estate tracker: hyperpolymath/panic-attack#32.

### `CommandInjection` (1 finding)

file:line list

### `SupplyChain` (1 finding)

file:line list

### `UnboundedAllocation` (5 findings)

file:line list

| Severity | Location | Finding |
|---|---|---|
| Critical | `impl/rust-cli/src/redirection.rs:?` | Potential unbounded allocation pattern detected in impl/rust-cli/src/redirection.rs |
| Critical | `impl/rust-cli/src/main.rs:?` | Potential unbounded allocation pattern detected in impl/rust-cli/src/main.rs |
| Critical | `impl/rust-cli/src/secure_erase.rs:?` | Potential unbounded allocation pattern detected in impl/rust-cli/src/secure_erase.rs |
| Critical | `impl/rust-cli/src/executable.rs:?` | Potential unbounded allocation pattern detected in impl/rust-cli/src/executable.rs |

### `UnsafeDeserialization` (1 finding)

file:line list

🤖 Discovered during the panic-attack estate sweep (2026-05-26). See hyperpolymath/panic-attack#32 for campaign tracker.
