Arbitrary command execution can be triggered by improperly sanitized SSH URLs in LFS configuration files. This can be triggered by cloning a malicious repository.
github.com/git-lfs/git-lfs
{ "imports": [ { "path": "github.com/git-lfs/git-lfs/lfsapi", "symbols": [ "Client.NewRequest", "sshAuthClient.Resolve", "sshCache.Resolve", "sshGetLFSExeAndArgs" ] } ] }