qe-n8n-expression-testing

Warn

Audited by Socket on Feb 27, 2026

1 alert found:

Security (MEDIUM)
SKILL.md

The module correctly implements expression validation and execution helpers for n8n-style expressions, but it relies on new Function to parse and execute untrusted expression text without sandboxing, redaction of sensitive context, execution limits, or other runtime protections. That design exposes the host process to arbitrary code execution risks: data exfiltration (from context or environment), remote network calls, file/OS access, and DoS via expensive computations. Recommended mitigations before use in multi-tenant or automated contexts: run evaluations in a hardened sandbox or separate least-privileged process/container, restrict available globals and APIs, redact or provide synthetic context instead of real secrets, add execution time/resource limits, and prefer static analysis over execution for untrusted inputs. Treat the code as functionally useful but security-sensitive; do not execute untrusted expressions directly in a privileged host process.

Confidence: 75%
Severity: 75%
Audit Metadata
Analyzed At
Feb 27, 2026, 06:13 PM
Package URL
pkg:socket/skills-sh/proffesor-for-testing%2Fagentic-qe%2Fqe-n8n-expression-testing%2F@42d6b40aa8336f1fe8c0c2454cf15dba2de0708e