Open
Description
A follow up issue for #1245 (comment).
We'd better to sanitize the args we get from a command line in all npm run seed_tools commands
If I was to suggest a way to sanitize these it would be to just check the values here before we pass them in further to make sure they're semi expected. E.g. revision parameter should be a hash and studyDir we could probably check to make sure it's within a reasonable location on the file system and matches a file path (rather than appending on something like && npm run malicious script or something to that affect.