Fix command injection in publish.js senso invocations

[wd7zfpysvs-ui]

Summary

• Switch publish.js from execSync with interpolated shell strings to execFileSync with argv arrays so the senso CLI's --data payload is passed as a single argument and never re-parsed by a shell.
• Closes a high-severity command injection: JSON.stringify does not escape single quotes, so untrusted third-party content reaching publishReceipt (search-result titles/URLs/descriptions from Nimble, embedded in raw_markdown) could break out of the shell-quoted --data block and execute arbitrary commands as the agent user — full RCE with access to WALLET_PRIVATE_KEY and all API keys.

Test plan

• Run the agent end-to-end against a real query and confirm a receipt is still published successfully via senso engine publish.
• Verify the prompts create call returns a prompt_id as before.
• Spot-check with a search result whose title contains a single quote — confirm the command no longer crashes and the literal ' ends up in the published markdown.

🤖 Generated with Claude Code

[wd7zfpysvs-ui]

Superseded by #2, which landed first on main with an equivalent (and more thorough) fix: spawnSync with argv array, plus error handling and other hardening. Closing as no-op.