Thankfully in this case it's a curl vulnerability that doesn't use curl in the reproducer. That's a fairly safe call.