adb-driver up to and including 0.1.8 is vulnerable to Command Injection.It allows execution of arbitrary commands via the command function.
adb-driver project adb-driver