[salawat]

....except it isn't if you set up the git user with authorized_keys (user public key), and set the login shell for the system git user to nologin.

Congratulations. Git without bash. Unless there's another escape I'm not aware of.

[feldrim]

And that is the whole idea of having a list like this. These tools by default have some capabilities which can easily be executable. You need to mitigate each of those. Because they are insecure by default.