Connector translates Spark string filters (contains, startsWith, endsWith) into $regex without escaping user input. This turns literal matching into regex evaluation (e.g., ".*" matches everything), breaking Spark semantics and theoretically enabling regex injection.

Expected
User input treated as literal string in Spark’s LIKE and string filters (contains, startsWith, endsWith).

Actual
User input interpreted as regex when pushed down to the connector.

Acceptance criteria

• contains()/startsWith/endsWith treats any character as literals.
• Add regression tests with metacharacters (including \Q and \E) to verify escaping cannot be bypassed.