If your attacker controls the data you're exporting to a CSV file, they can take advantage of a memory safety issue in your CSV exporter to execute arbitrary code on your machine.

https://georgemauer.net/2017/10/07/csv-injection.html