Marko is another template engine, with a syntax very similar to HTML and JavaScript. Let's look at the following code:
<%
import os
x=os.popen('id').read()
%>
${x}
This code also exposes the application to RCE: it receives any parameter without validation and displays the result directly.
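A detection and validation sketch for the pattern above, added here as an example (not code from the original page): it scans request parameters for the `<% ... %>` code-block and `${...}` expression constructs that the snippet uses. The function names, parameter names and sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# The two constructs used by the snippet above: a code block and an expression.
PATTERNS = {
    "code-block": re.compile(r"<%.*?%>", re.S),
    "expression": re.compile(r"\$\{.*?\}", re.S),
}

def normalize(value, max_rounds=3):
    """URL-decode repeatedly (bounded) so nested encodings are inspected in clear."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_request(url):
    """Return sorted (parameter, construct) pairs whose value carries template syntax."""
    hits = set()
    for name, raw in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        value = normalize(raw)
        for label, rx in PATTERNS.items():
            if rx.search(value):
                hits.add((name, label))
    return sorted(hits)

def validate_or_reject(value):
    """Handler-side gate: refuse input carrying template syntax, else return it unchanged."""
    normalized = normalize(value)
    if any(rx.search(normalized) for rx in PATTERNS.values()):
        raise ValueError("template syntax in user input")
    return value

# Constructed sample requests (not taken from a real log).
SAMPLE_URLS = [
    "/greet?name=Alice",                                          # plain value
    "/greet?name=%3C%25%20import%20os%20%25%3E%24%7Bx%7D",        # encoded once
    "/greet?name=%253C%2525%2520x%253D1%2520%2525%253E&lang=en",  # encoded twice
    "/search?q=price+%24%7B+not+closed",                          # unclosed "${", no match
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(url, "->", scan_request(url) or "clean")
```

Pattern matching of this kind is a tripwire for logs and input handling; the root fix is to keep request data out of the template source and pass it to a fixed template as a value.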