Shell built-in bypass detection (CVE-2026-22708 pattern)

CVE-2026-22708 (Cursor): export/declare/typeset shell built-ins bypass sandboxes. Pattern: export PAGER='malicious command' then any approved command triggers RCE. Our L2 misses pure environment poisoning without sensitive file read. Proposal: detect export/declare setting vars containing network command patterns, flag as L1 catastrophic. Reference: pillar.security/blog/the-agent-security-paradox