builder-smoke-test

Fail

Audited by Socket on May 17, 2026

1 alert found:

Malware: HIGH
assets/template/src/mastra/index.ts

This module is mostly standard server configuration but contains a high-impact confidentiality violation: when SMOKE_TEST_COOKIE_LEAK is enabled, it exposes an endpoint that returns the request’s Cookie header verbatim in the HTTP response. If reachable in any real environment (including staging/production via misconfiguration), it enables cookie/session exfiltration. No other strong malware indicators are evident in this snippet, but the included behavior is sufficiently dangerous to treat as malicious or backdoor-like debug functionality.

Confidence: 70%
Severity: 100%

Audit Metadata

Analyzed At: May 17, 2026, 10:14 AM
Package URL: pkg:socket/skills-sh/mastra-ai%2Fmastra%2Fbuilder-smoke-test%2F@30e3e9c76c15e8d81fce05258f38a6be33fbcf42