Currently HOST.CONN macro is used in Ping script (globals script), but it can be used to inject another script into PING like so:

1. Setting host ip to {$MACRO}
2. Setting macro to "127.0.0.1; cat /etc/zabbix/zabbix_server.conf"

Zabbix server should perform validation of expanded HOST.CONN macro and not execute global script if macro is expanded into something that is not IP / domain name.