So I have this existing command that accepts a single argument, but I need something that accepts the argument over stdin instead.

A shell script wrapper like the following works, but as I will be allowing untrusted users to pass arbitrary strings on stdin, I'm wondering if there's potential for someone to execute arbitary commands on the shell.

#!/bin/sh
$CMD "`cat`"

Obviously if $CMD has a vulnerability in the way it processes the argument there's nothing I can do, so I'm concerned stuff like this:

• Somehow allow the user to escape the double quotes and pass input into argument #2 of $CMD
• Somehow cause another arbitary command to run