Commit c6dc148
fix(export): address critical security vulnerabilities
- Replace all eval() with safe AST-based expression evaluation
- Loop condition evaluation now uses _safe_eval_condition()
- Condition handler uses _safe_eval_with_context() for variable access
- Only allows safe operations: comparisons, boolean ops, len/str/int/bool
- Remove shell=True from execute_command to prevent command injection
- Shell operators (|, >, <, &&, ;, $) are now rejected with clear error
- Commands are parsed with shlex and executed without shell
- Fix model detection regex for o1-/o3- patterns
- Use word boundary to avoid matching o10, o11, etc.

1 parent 9910237
1 file changed (+286 -57 lines)
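The three fixes the commit message describes, shown as an added illustration that is not the project's own code: an allowlisting AST evaluator standing in for `_safe_eval_condition()` / `_safe_eval_with_context()` (comparisons, boolean operators, and `len`/`str`/`int`/`bool` calls only), an `execute_command` that rejects the listed shell operators and runs the `shlex`-parsed argv without `shell=True`, and a model-detection regex with a word boundary so `o10`/`o11` no longer match. The function names, the exact regex, and the sample inputs are assumptions, not taken from the commit.

```python
import ast
import operator
import re
import shlex
import subprocess

# Allowlist for the condition evaluator: the only calls permitted are the
# four builtins named in the commit message (assumed names, not the project's).
_ALLOWED_CALLS = {"len": len, "str": str, "int": int, "bool": bool}
_COMPARE_OPS = {
    ast.Eq: operator.eq, ast.NotEq: operator.ne,
    ast.Lt: operator.lt, ast.LtE: operator.le,
    ast.Gt: operator.gt, ast.GtE: operator.ge,
    ast.In: lambda a, b: a in b, ast.NotIn: lambda a, b: a not in b,
}


class UnsafeExpression(ValueError):
    """Raised for any AST node outside the allowlist (attributes, arithmetic, imports...)."""


def _eval_node(node, context):
    # Walk the parsed expression; anything not explicitly handled is rejected.
    if isinstance(node, ast.Expression):
        return _eval_node(node.body, context)
    if isinstance(node, ast.Constant):          # numbers, strings, True/False/None
        return node.value
    if isinstance(node, ast.Name):              # variables come only from `context`
        if node.id not in context:
            raise UnsafeExpression(f"unknown variable: {node.id}")
        return context[node.id]
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.Not):
        return not _eval_node(node.operand, context)
    if isinstance(node, ast.BoolOp):            # `and` / `or`, short-circuiting
        values = (_eval_node(v, context) for v in node.values)
        return all(values) if isinstance(node.op, ast.And) else any(values)
    if isinstance(node, ast.Compare):           # handles chained forms like 1 < x < 3
        left = _eval_node(node.left, context)
        for op, comparator in zip(node.ops, node.comparators):
            fn = _COMPARE_OPS.get(type(op))
            if fn is None:
                raise UnsafeExpression(f"operator not allowed: {type(op).__name__}")
            right = _eval_node(comparator, context)
            if not fn(left, right):
                return False
            left = right
        return True
    if isinstance(node, ast.Call):
        if (not isinstance(node.func, ast.Name)
                or node.func.id not in _ALLOWED_CALLS or node.keywords):
            raise UnsafeExpression("only len/str/int/bool calls are allowed")
        args = [_eval_node(a, context) for a in node.args]
        return _ALLOWED_CALLS[node.func.id](*args)
    raise UnsafeExpression(f"node not allowed: {type(node).__name__}")


def safe_eval_condition(expr, context):
    """Evaluate a loop/branch condition against `context` without eval()."""
    tree = ast.parse(expr, mode="eval")
    return bool(_eval_node(tree, context))


# Shell operators named in the commit message; `&` alone also covers `&&`.
_SHELL_METACHARS = set("|><&;$")


def parse_command(command):
    """Reject shell operators up front, then split into argv with shlex."""
    bad = sorted(ch for ch in _SHELL_METACHARS if ch in command)
    if bad:
        raise ValueError(f"shell operators are not allowed: {' '.join(bad)}")
    argv = shlex.split(command)
    if not argv:
        raise ValueError("empty command")
    return argv


def execute_command(command, timeout=30):
    """Run the command as an argv list; no shell is involved, so no injection."""
    argv = parse_command(command)
    result = subprocess.run(argv, capture_output=True, text=True, timeout=timeout)
    return result.returncode, result.stdout


# Assumed regex: `\b` before the prefix keeps "gpt-4o" out, and requiring a
# dash or end-of-string after "o1"/"o3" keeps "o10", "o11" out.
_REASONING_MODEL_RE = re.compile(r"\bo[13](?:-|$)")


def is_reasoning_model(name):
    return _REASONING_MODEL_RE.search(name) is not None


if __name__ == "__main__":
    ctx = {"items": [1, 2, 3], "status": "ok"}          # constructed sample context
    print(safe_eval_condition("len(items) > 2 and status == 'ok'", ctx))
    print(execute_command("echo hello")[1].strip())
    print([m for m in ("o1-mini", "o3-mini", "o10", "gpt-4o") if is_reasoning_model(m)])
```

The evaluator is a denylist-free design: it never consults a list of forbidden names, it simply has no code path for attribute access, arithmetic, subscripts or arbitrary calls, so an input such as `__import__('os').system(...)` fails at the `ast.Call` check before anything runs. The command runner likewise does not try to sanitize shell syntax; it refuses anything containing the operators and hands a plain argv list to `subprocess.run`.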