exfiltrate

The `exfiltrate` server primarily binds to `127.0.0.1` by default, limiting direct external network attack surface. Communication uses a length-prefixed binary protocol (`rmp-serde`), which is generally more robust against parsing vulnerabilities than text-based protocols. No explicit 'eval' or dynamic code execution found. The proxy (`exfiltrate_proxy`) handles WebSocket handshakes and message framing, including checks for unsupported opcodes. The primary 'risk' is inherent to its debugging nature: custom commands can be implemented by the application developer to expose any internal state or operations, including sensitive data or system calls (e.g., `terminate` command for native targets). Developers must be mindful of what they expose, especially if the application is deployed in a less trusted environment or connected to by unauthorized clients (though local-only binding mitigates this).