I’ve been running opcode composition experiments (e.g. CAT+CSFS, IK+CSFS) on signet.Related: #130613, #130598, Delving threadIn several cases, the script validates correctly, but still feels structurally unsafe(e.g. replay, cross-UTXO reuse, weak binding).My question:How do experienced developers recognize these issues early, before they turn into real vulnerabilities?In particular, how do you reason about whether a construction is "too general" or insufficiently bound?