They’re essentially being used as a programming language interpreter. This attack could easily have been done with Python or Ruby or Perl. There can’t be a realistic expectation that these tools are robust against malicious input. You have to either sandbox them or keep malicious input away from them.