fix: Round 8 slop audit — 14 security findings

[b-macker]

Summary

• 2 CRITICAL: Triple-quote Python injection in legacy fallback path (call_dispatch.cpp F-1) — replaced exec('''...''') with Py_CompileString()+PyEval_EvalCode(). fireHook() command injection (governance_reports.cpp F-2) — added shellEscape() for all variable substitutions.
• 1 CRITICAL (new): codegen_impl.cpp missing GovernanceHardError catch-and-rethrow — HARD blocks were silently swallowed by catch(std::exception&).
• 3 HIGH: SQLite NULL deref + unchecked ops in block_search_index.cpp (F-3). Agent unchecked dict access in agent_impl.cpp (F-4/F-5). Python importlib.import_module() bypass in python_c_executor.cpp (F-6).
• 4 MEDIUM: Agent message/handle type guards, range dict .at() guard, VM polyglot .at() guard, package_manager metacharacter blocklist extension.
• 4 LOW: STUB detector cleanup in llm_patterns.cpp.
• Deferred: F-7 (vm.cpp ~82 unchecked .asInt()/.asString()) — requires opcode-level classification of compiler type guarantees.

R4→R5→R6→R7→R8 trend: 12→6→3→6→14 (R8 was exhaustive full-codebase sweep with pre-audit deep dive).

Test plan

• Build: 0 errors
• run-all-tests.sh: 396/396 accounted, 0 real failures (3 cold-start flakes pass on re-run)
• test_error_msg_leaks.sh: 738/738 passed
• test_govern_json_fuzz.sh: 100/100, 0 crashes
• git diff reviewed — only security fixes, no unintended changes

🤖 Generated with Claude Code

[github-actions]

NAAb Governance Report

Metric	Count
Files checked	16
Passed	16
Failed	0

All governance checks passed!

_{Generated by NAAb Governance Engine v4.0}