Security: Remove simulate feature that actually executes a script.
The simulate is setup to actually execute scripts via a fake script execution.
This is not intended to do anything other than to catch problems in the script setup.
I have come to the realization that a malicious actor could setup a custom scripting engine to be executed on simulation.
An oblivious user could then be performing a simulation with the expectation that nothing actually happens while the malicious scripting engine performs some nefarious activity.
Strip out the fake script execution to prevent this behavior.
This is a loss of some functionality but I prefer the safety over this potential bad behavior.
projects / fll / commit