
pipulate

Verified Safe

by miklevin

Overview

Pipulate is a local-first AI SEO software and digital workshop that automates data saving/loading, web scraping, API interactions, and AI-driven content analysis, designed for reproducible workflows and interactive demonstrations.

Installation

Run Command
nix develop

Environment Variables

  • BOTIFY_API_TOKEN
  • GOOGLE_API_KEY
  • OLLAMA_HOST
  • FINDER_TOKEN
  • PIPULATE_ROOT
  • COUNTRY_CODE
  • CHAT_CONFIG_RENDER_THROTTLE_DELAY
  • APP_NAME
  • MODEL

Security Notes

The server uses `eval()` to execute JavaScript received via WebSocket messages (`assets/utils.js`, `assets/pipulate-init.js`). This is intended for dynamic UI updates orchestrated by the local server, but it becomes a significant security vulnerability if an attacker can inject malicious scripts into the WebSocket stream. The 'local-first' model implies user trust in the local server instance, which mitigates the risk for standard usage, but the pattern is fundamentally unsafe for untrusted inputs. Extensive filesystem operations (reading from and writing to the `browser_cache`, `downloads`, `data`, `output`, and `temp` directories) occur through Python and shell scripts and require careful path validation. The installer downloads code and a ROT13-encoded SSH key, introducing supply chain risks. Dependencies on external APIs (Google Gemini, Botify, GSC) and browser automation (Selenium, undetected_chromedriver) expand the attack surface. However, the Nix-managed environment enhances reproducibility and dependency isolation, which is a positive security aspect.

Stats

  • Interest Score: 35
  • Security Score: 5
  • Cost Class: Medium
  • Avg Tokens: 1000
  • Stars: 6
  • Forks: 0
  • Last Update: 2025-12-06

Tags

AI, SEO, Automation, Local-First, Data Management, Web Scraping, Browser Automation, Workflow, Nix, Chatbot