Reviewing the security vulnerability within the download and upload scripts

• path-injection Unvalidated input in path value creation risks unintended file/directory access
• Hardcoded credentials