Replaced all instances of `child_process.exec` with `child_process.execFile` to prevent shell metacharacter injection. This ensures that user-provided input is treated as arguments rather than being executed as part of a shell command, mitigating the risk of remote code execution.

This addresses the vulnerability disclosed in GHSA-3q26-f695-pp76.

Special thanks to @dellalibera for the responsible disclosure.