I am not sure what you are getting at. Those don't occur on the web and are not an issue with desktop apps you install. If a desktop app wants to run a bash command, it can do it. It doesn't need to find a bash injection.
There isn't easily exploitable issues like XSS on the desktop. Meaning, if you run a desktop app you generally don't have to worry that some rogue code is injected into the app, unless the developers keys are stolen which is rare.
There isn't easily exploitable issues like XSS on the desktop. Meaning, if you run a desktop app you generally don't have to worry that some rogue code is injected into the app, unless the developers keys are stolen which is rare.