Block a user
CI supply-chain: pin action SHAs + container digest, lock deps, verify get-pip
Transport hardening: TCP dead-connection detection, reset spin bound, BLE leak/buffer cap
Controller: transport leak on failed connect; CSV closed before unhook (write-after-close)
link.py DTC/freeze-frame parsing bugs (phantom codes, malformed Mode 02, hex frame index)
Scheduler: poll thread dies silently on transport error; timed-out one-off runs late
Actions: untrusted profile can bypass the confirmation + response mis-parse
Formula sandbox: unbounded ** / << allows DoS from an untrusted profile