dev-sanity
Warn
Audited by Socket on Apr 10, 2026
1 alert found:
Security alert (MEDIUM): scripts/sanity_check.sh
This module is primarily a CI/dev sanity-check tool, but it contains a high-impact supply-chain execution risk: it uses eval to execute shell code produced by an external resolver. If the resolver output or its inputs (overlay/context) are tampered with, this enables arbitrary command execution. Additionally, it performs outbound curl requests to configuration-provided URLs without allowlisting, which can expand the network attack surface (potential SSRF-like probing). No explicit malicious payloads are visible in the fragment itself, but the eval-based trust boundary makes it dangerous to run with untrusted or potentially compromised configuration/resolver.
Confidence: 72% | Severity: 70%