by mlex 1978 days ago
I don't get this concern. What specifically are you worried about here, that a bad parameter will crash the program? The code is there in case you wanted to verify it's not doing anything nefarious.

This looks like just a cute script/program the author wanted to share with HN, I don't think it's a big deal if they didn't fully productionize the thing and just wanted it to be seen.

3 comments

The worry is that something in a link will cause the program to behave in an unpredictable manner. At best it would crash, but it could do much more damage if given the chance.

I don't know Golang, so I can't definitely confirm or deny any intricacies it may or may not have. Though as mentioned by others, it seems to essentially be a wrapper for a webpage.

Just do not use powershell l o l
It's reserved by POSIX shells as well. So either way you'd have to escape the ampersand.
It sounds like a shell injection vulnerability [I have not actually checked though]. Attack scenario is somewhat realistic ("friend" sends you an image in a manner that preserves filenames, you run command on file).

Being blatantly vulnerable is not the same thing as being not production ready.
