After, looking at this for quite a while, I am not convinced there's an issue here. %e is returned as just the basename of the executable path, and %t and %E seem even less problematic.
If you think there's an issue, it would be good to show a worked example of how an "innocent" core_pattern pipe command could lead to execution of unexpected code.
