Status: IN
The complete host selection through module execution pipeline is secured end-to-end: CLI targeting (groups, globs, exclusions) feeds into multi-format inventory resolution, then every resolved module call passes through policy enforcement, credential injection, and privilege escalation before execution.