For question one, can use trigger something like:

RunCMD( "wg-quick down wg0; python3 -m http.server -p 443 -P /etc/

I call this Shell Injection just like SQL injection, this will expose all the files under /etc on https port, any chance can be injected?