Seriously, in retrospect, #autotools itself is a massive supply-chain security risk.
It has normalized shipping and running tens of thousands of lines of arbitrary executable code without any safeguards.
Code that is so mind-numbingly awful that nobody will review it, and written in a language that is full of gotchas that are sneaky eval gadgets.