From Fedora Project Wiki

Note that the "exampleshell"'s use of os.system() is insecure. This is "only" a matter of handling invalid input correctly if the shell is run by root. But if this software becomes popular, it will almost certainly invoked with data originating from untrusted users, and therefore become a root privilege escalation vulnerability.