Further, I'm not sure you can do command injection, as the the `host` variable is treated as a single token in the shell call. `host = "google.com; wget exploit"` won't run `wget exploit`.

Happy to learn if there's a more nefarious trick that gets around this, though.