- extra code injection prevention for script types
- add script_output type (return script results from stdout)