GHSA-wg5p-8h9p-3mr7: agent-coderag: Gradle Wrapper Execution During Dependency Discovery Enables Arbitrary Code Execution
Summary
agent-coderag has a critical vulnerability: during its default dependency-discovery process it automatically executes the `gradlew` script (the Gradle wrapper, a build automation file) found in any repository it processes, without verifying that the script is legitimate. An attacker who controls a repository can include a malicious `gradlew` script that runs arbitrary commands on the victim's machine whenever the victim runs the standard `agent-coderag sync` command against that repository; no special permissions or authentication are required.
Original source: https://github.com/advisories/GHSA-wg5p-8h9p-3mr7
First tracked: June 19, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 95%