[tyingq]

Heredocs are a little odd, because you can't see what they might be piping to.

This script, for example looks sort of innocuous when run through your tool because it's not obvious the HEREDOC is going to the stdin of a Perl interpreter. Your tool shows them like they are two separate things that don't do much by themselves.

Looking at the script itself, it's more obvious.

  #!/bin/sh
  cat<<'EOF'|perl -nE'BEGIN{shift(@ARGV)}s#(.*)#$1#ee' /dev/null
  say "hello"; #arbitrary perl code
  EOF

That's probably a nit, really, though. I don't know that anyone would target it on purpose.

[wlib]

Yup, at that point it's within the scope of bash's debugger. It shows the command that is actually being run, so it expands globs, shows the command within if predicates, and so on. If bash shows a command that isn't actually about to run, that is a bash bug.