paul-nameless / tg

terminal telegram client


NOTIFY_CMD does not escape output

Noodlez1232 opened this issue · comments

The NOTIFY_CMD variable just templates various things into the command given in NOTIFY_CMD. The formatted string doesn't escape things like quotation marks, nor things like > or [[, making not only a very buggy experience, but not a very secure one.

If you want proof, set NOTIFY_CMD to something like "echo {msg}", and have somebody send you something like hello > bad_file. The file bad_file is created with "hello" in it. This also makes it really easy to execute arbitrary commands by sending something like ; rm -rf --no-preserve-root /.

I'm not quite sure how NOTIFY_CMD works, but the correct solution would probably be to quote the various inputs before sending them out to be run by sh.

NOTIFY_CMD = shutil.which('notify-send') + " --app-name='tg' --icon='{icon_path}' '{title}' '<i>{subtitle}</i>\\\n{msg}'" 

I totally forgot to elaborate on the bottom part. That's the current command I use for my NOTIFY_CMD, and I get quite a few files in my home folder, especially fragments of emoticons like >:( becoming :(

instead of "echo {msg}", "echo '{msg}'" is the difference that you are looking for

and by default NOTIFY_CMD uses /usr/local/bin/terminal-notifier, this file is for mac, and by default NOTIFY_CMD uses the specific syntax of that command
for Linux you can use your custom NOTIFY_CMD command, like with notify-cmd, or create the /usr/local/bin/terminal-notifier file and handle the args
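As an added illustration (not code from tg or from anyone in this thread), the Python below puts the three approaches discussed here side by side: substituting the message straight into the command string, wrapping the placeholder in single quotes as suggested above, and quoting each value with shlex.quote or, better still, building an argv from the template and never handing sender text to a shell at all. Nothing is executed; the rendered commands are tokenised with shlex the way sh would read them, so you can see when message text has turned into a redirection or command separator. The function names, the sample messages and the notify-send template in the usage block are constructed for this example.

```python
import shlex
import subprocess

# Constructed sample values for the demonstration (not taken from the thread).
SAMPLE_MESSAGES = {
    "plain": "hello",
    "redirect": "hello > bad_file",   # the redirection case the report describes
    "apostrophe": "it's > bad_file",  # breaks a template that only wraps {msg} in '...'
}

TEMPLATE_BARE = "echo {msg}"             # as in the report
TEMPLATE_SINGLE_QUOTED = "echo '{msg}'"  # the quoting suggested in the thread

# Operators that, when they appear unquoted, mean sender text changed the
# command's structure rather than just the value of one argument.
SHELL_OPERATORS = {">", ">>", "<", "<<", ";", "|", "||", "&", "&&", "(", ")"}


def render_unescaped(template, **fields):
    """The pattern the issue describes: values are dropped straight into the
    command string that is later run by sh -c."""
    return template.format(**fields)


def render_quoted(template, **fields):
    """Minimal fix for a string-based NOTIFY_CMD: shlex.quote every value so
    sh sees each one as a single literal word, whatever it contains."""
    return template.format(**{k: shlex.quote(str(v)) for k, v in fields.items()})


def build_argv(template, **fields):
    """Stronger fix: parse the template with shell rules once, then substitute
    values into the resulting argv. The list goes to subprocess.run without a
    shell, so sender text is never interpreted as shell syntax."""
    return [word.format(**fields) for word in shlex.split(template)]


def shell_words(cmd):
    """Tokenise cmd roughly as /bin/sh would: quoted text becomes one word,
    characters like > ; | & come out as separate operator tokens."""
    lexer = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)


def leaks_operator(cmd):
    """True when the rendered command contains an unquoted shell operator or is
    not even well-formed (unbalanced quotes), i.e. sender-controlled text has
    escaped its intended argument position."""
    try:
        return any(word in SHELL_OPERATORS for word in shell_words(cmd))
    except ValueError:  # "No closing quotation": sh would reject or misparse it
        return True


def run_notification(template, **fields):
    """Run a NOTIFY_CMD without a shell. Kept separate so the rest of the
    module can be exercised without spawning a process."""
    return subprocess.run(build_argv(template, **fields), check=False)


if __name__ == "__main__":
    # Hypothetical notify-send style template, constructed for the demo.
    template = "notify-send --app-name='tg' '{title}' '{msg}'"
    for name, msg in SAMPLE_MESSAGES.items():
        for label, cmd in (
            ("bare       ", render_unescaped(TEMPLATE_BARE, msg=msg)),
            ("'{msg}'    ", render_unescaped(TEMPLATE_SINGLE_QUOTED, msg=msg)),
            ("shlex.quote", render_quoted(TEMPLATE_BARE, msg=msg)),
        ):
            print(f"{name:10} {label} leaks={str(leaks_operator(cmd)):5} {cmd}")
        print(f"{name:10} argv        {build_argv(template, title='tg', msg=msg)}")
```

The single-quote template from the thread does stop the redirection case, but a message containing an apostrophe closes the quote early and either breaks the command or reopens it to the shell; shlex.quote handles that by emitting `'it'"'"'s ...'`. The argv route avoids the question entirely and is what to prefer whenever NOTIFY_CMD can be run with subprocess instead of sh -c.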