Merge pull request #10 from akabarki76/alert-autofix-11

Potential fix for code scanning alert no. 11: Unsafe shell command constructed from library input

Author: akabarki76

packages/core/src/utils/editor.ts

@@ -181,11 +181,8 @@ export async function openDiff(
       case 'vim':
       case 'neovim': {
         // Use execSync for terminal-based editors
-        const command =
-          process.platform === 'win32'
-            ? `${diffCommand.command} ${diffCommand.args.join(' ')}`
-            : `${diffCommand.command} ${diffCommand.args.map((arg) => `"${arg}"`).join(' ')}`;
-        execSync(command, {
+        const args = diffCommand.args;
+        execFileSync(diffCommand.command, args, {
           stdio: 'inherit',
           encoding: 'utf8',
         });