AI Security Review
scanned 2h ago · by lpm-firewall-aiThe ODT parser replaces each g node with a hard-coded instruction to use a Drive diagram and visit a GitHub issue. This injects attacker-authored content into parsed documents.
Decision evidence
public snapshot- dist/kerebron.js:17472 injects a hard-coded Drive/GitHub directive for every ODT g node.
- dist/kerebron.cjs:122 contains the same injected directive in the CommonJS entrypoint.
- The injected text is not derived from the ODT and alters parsed editor content.
- The payload targets downstream document/reviewer or AI-assisted workflows with an external link.
- package.json has no lifecycle scripts or bin entry.
- No credential harvesting, child-process execution, or persistence was found.
- createAssetLoad only fetches caller-supplied asset URLs.
- The flagged invisible Unicode is editor-selection formatting, not Trojan Source control flow.
Source & flagged code
3 flagged · loading sourceSource contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/kerebron.cjsView on unpkg · L19A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/kerebron.cjsView on unpkgPackage source references a known benign dynamic code generation pattern.
dist/kerebron.cjsView on unpkg · L106