The validator only ever checks the first child of a `command` node, and only if it is a `word` node; however, an environment variable assignment isn't a `word` node, so the check gets entirely ignored.

Spawn an unrestricted shell by running `X=1 sh -i` and cat the flag.