I am programming a site where developers can share shell scripts and other users can execute it via a CLI.

I decided to add a little joke into it: the page where users can view a shell script is https://mukodik.com/scriptid.sh

I use Express, so I just use app.get('/:id.sh') to get the scriptid.

How would someone possibly bug out this page? (the uploaded shell script is not actually stored in a file, it's stored in a mysql database(using connection.escape to escape chars))