Intent-Code Divergence
Medium
- Confidence
- 98% confidence
- Finding
- `render_html` creates a Jinja environment with `autoescape=False`, and the template also uses `| safe` for `section.content`. Because the JSON config is treated as input, an attacker can inject arbitrary HTML/JS into generated reports; if the HTML is opened in a browser or reused by downstream systems, this can become stored XSS or active content injection. In this skill's context, report data may come from user- or model-generated content, which makes the trust boundary especially weak.
