Candidate 1: event.headers key with quote/semicolon shell metacharacters (parent PoC surface). Vulnerable parent: reaches /bin/sh -c via curlCommand string. Fixed commit: rejected as bypass because user header is one argv entry after --header and no shell is present. Covered by lazy_test.go TestCronTriggerExecFormNoShellInjection/header_key_with_quote_does_not_break_shell. Candidate 2: event.body with command substitution $(id) or shell separators. Vulnerable parent: body is written through a shell command prefix, so command substitution is possible in the /bin/sh -c string. Fixed commit: rejected as bypass because body is passed as a literal argv value after --data-raw. Covered by lazy_test.go TestCronTriggerExecFormNoShellInjection/body_with_command_substitution_is_literal. Candidate 3: event.body beginning with @/path to trigger curl file-load semantics after shell removal. Vulnerable parent: old code used --data '@/tmp/eventbody.out' after writing a temp file via shell. Fixed commit: rejected as bypass because it deliberately uses --data-raw, not --data; @ is literal. Covered by lazy_test.go TestCronTriggerExecFormNoShellInjection/body_starting_with_at_is_not_file_load. Candidate 4: event.headers key/value beginning with @/path to trigger curl --header file-load semantics. Fixed commit: curl attempts to read a header file only when the *entire* --header argument starts with @. Nuclio formats the header argv as ': '; a key named '@/etc/passwd' would become '@/etc/passwd: value' and curl errors because that exact filename does not exist. This is option-level file-read behavior, not shell command execution, and no marker command executes.