running-code-analyzer
Warn
Audited by Socket on May 29, 2026
1 alert found:
Security (MEDIUM): scripts/apply-fixes.js
This module is not overtly malware (no networking, execution, or persistence). However, it is a high-impact file patching tool that fully trusts an external JSON file to choose target file paths and to insert arbitrary replacement text. If the JSON input is tampered with or attacker-controlled, it can enable arbitrary file read/write within the process permissions and supply-chain style source-code injection that may later be built/executed by downstream tooling.
Confidence: 72%
Severity: 74%
Audit Metadata