Description-Behavior Mismatch
Medium
- Confidence
- 95% confidence
- Finding
- The script’s interface and description suggest rendering HTML files, but it also accepts arbitrary http/https URLs and loads them in a real browser via Playwright. That expands the trust boundary: attacker-controlled remote pages can trigger outbound network requests, execute JavaScript, and potentially access internal-only endpoints from the agent environment, creating SSRF-style exposure and unintended interaction with live content.
