sg-record
Warn
Audited by Socket on Apr 28, 2026
1 alert found:
Security (MEDIUM)
lib/recorder-toolbar.js
This module functions as a client-side session/action recorder. It captures broad interaction and form-related data (including arbitrary non-password input values, clicked UI text, select choices, file-name metadata, and navigation URLs), converts them into replayable selectors/steps, and exports them via bridge({type:'stop', steps}). While it does not show classic malicious payloads (no network/dom/exec primitives in the fragment), the bridge() export of rich user/session data creates a significant privacy and security risk unless strictly controlled with explicit user consent, tight scoping, and robust handling/redaction in the surrounding code.
Confidence: 62%
Severity: 72%
Audit Metadata