Custom nodes should be secure. We will start working with custom nodes that violate these standards to be rewritten. If there is some major functionality that should be exposed by core, please request it in the rfcs repo.
These functions can enable arbitrary code execution, creating potential Remote Code Execution (RCE) vulnerabilities when processing user inputs. Workflows containing nodes that pass user inputs into eval or exec could be exploited for various cyberattacks, including: