Add language about how not to use Thor

Bill Desmarais · Bill Desmarais · commit 301b14e0ccba · 2018-07-05T14:52:08.000-04:00
diff --git a/README.md b/README.md
@@ -19,6 +19,11 @@ utilities.  It removes the pain of parsing command line options, writing
 build tool.  The syntax is Rake-like, so it should be familiar to most Rake
 users.
 
+Please note: Thor, by design, is a system tool created to allow seamless file and url
+access, which should not receive application user input. It relies on open-uri,
+which combined with application user input would provide a command injection attack
+vector.
+
 [rake]: https://github.com/ruby/rake
 
 Installation
