Context-Inappropriate Capability
Medium
- Confidence: 89%
- Finding: The pipeline dereferences inputImage URLs returned in OCR result data and downloads them server-side to determine dimensions. Because those URLs come from remote service output, this expands the trust boundary and can be abused for unintended outbound requests, including SSRF-style access to internal resources if the upstream service or result data is compromised.
