If it's too generic I can imagine it'd be difficult to preclude DoS attacks aren't possible. I guess we'd have to be suspicious of operations where the computational cost isn't proportional to the operation's size, but I don't know enough about bitcoin script to imagine OP_CAT breaking that.

The referenced article: https://medium.com/blockstream/cat-and-schnorr-tricks-i-faf1b59bd298