/**
 * ESLint Rule: no-shell-injection
 * CWE-78: OS Command Injection
 *
 * Fires when child_process shell-execution functions receive a first
 * argument built via string concatenation or template literal expressions.
 *
 * Detection: structural-api. The rule checks the SHAPE of the first argument,
 * not what value flows into it. exec(`git ${cmd}`) fires regardless of what
 * `cmd` contains — the concatenation itself is the signal.
 *
 * Does NOT fire on:
 *   - exec('literal command')  — static string, no injection surface
 *   - spawn('cmd', [args])     — args array is the safe parameterization form
 *   - exec(variable)           — indirect; data-flow analysis required, out of scope
 *
 * Limits to keep in mind when relying on this rule:
 *   - A clean lint result is not proof that CWE-78 is absent. Because
 *     exec(variable) is out of scope, a command string assembled elsewhere
 *     and passed in by name is not reported; such call sites still need code
 *     review or a data-flow/taint tool.
 *   - Because the rule is shape-based, it also reports concatenations whose
 *     parts are all trusted. Prefer rewriting such calls to the args-array
 *     form over suppressing the finding.
 *   - The args-array form is only safe when no shell is involved. Node's
 *     `shell` option on spawn/execFile routes the command through a shell
 *     again. NOTE(review): this declaration does not show whether the rule
 *     inspects that option — confirm against the implementation.
 *   - An args array removes shell interpretation only; the invoked program
 *     still parses each argument, so untrusted values should be validated
 *     before they are passed as arguments.
 *   - NOTE(review): the exact set of child_process functions treated as
 *     "shell-execution" is not visible here — confirm against the
 *     implementation.
 */
import type { TSESLint } from '@interlace/eslint-devkit';

/**
 * Rule module for `no-shell-injection`.
 *
 * The type arguments show the literal "shellInjection" and an empty tuple;
 * presumably these are the rule's only message id and its (empty) options
 * list, as in typescript-eslint's RuleModule — confirm against the devkit's
 * typings. The intersection adds a `name` string property to the module
 * object.
 */
export declare const noShellInjection: TSESLint.RuleModule<"shellInjection", [], unknown, TSESLint.RuleListener> & { name: string; };