
Audit history

hyperframes-creative - 2 audits

Audit version 2

Latest (medium risk)

Jun 30, 2026, 02:08 AM

The static scanner reported many critical and high findings, but most are false positives from design-language keywords, Markdown examples, and harmless words such as SAME. Real concerns remain: local helper scripts can execute npm, Node, and ffmpeg, and the design picker injects generated preview HTML with innerHTML.

Files scanned: 67
Lines analyzed: 28,120
Findings: 12
Auditor: codex
Medium-risk issues (4)
Local HTML Injection Surface in Design Picker
The design picker renders generated `preview_html` and option data with `innerHTML`. The reference warns that `preview_html` must not contain scripts, event handlers, or `javascript:` URLs; any generator that violates that rule, or any option data that reaches `innerHTML` unescaped, becomes local XSS in the picker page, running with whatever that page can reach. Option data (labels, ids) should go through `textContent`, and generated previews should be rendered in a sandboxed frame rather than the picker's own DOM.
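To make the finding concrete, the following is an added example, not code from hyperframes-creative: a precheck for the three things the reference forbids in `preview_html`, beside a rendering path that keeps option data on `textContent` and loads the generated HTML into an iframe whose `sandbox` attribute grants nothing. The option shape `{ id, label, preview_html }` is assumed apart from `preview_html`, which the report names; the sample previews are constructed for this example.

```javascript
// Added example (not hyperframes-creative's own code). Option fields other
// than preview_html are assumptions; SAMPLE_PREVIEWS is constructed test data.

// Decode &#106; / &#x6A; style entities, the cheapest way to hide "javascript:".
function decodeNumericEntities(s) {
  const cp = (n) => (n <= 0x10ffff ? String.fromCodePoint(n) : "\uFFFD");
  return s
    .replace(/&#x([0-9a-f]+);?/gi, (_, hex) => cp(parseInt(hex, 16)))
    .replace(/&#(\d+);?/g, (_, dec) => cp(Number(dec)));
}

// Precheck for the constraint the reference states: no script elements, no
// event-handler attributes, no javascript: URLs. It yields a readable error
// for a bad generator; it is NOT a sanitizer. Enforcement is the sandbox below.
function previewViolations(html) {
  const found = [];
  if (/<\s*script\b/i.test(html)) found.push("script element");
  // any attribute whose name starts with "on" inside a start tag
  // (deliberately conservative: false positives are acceptable in a precheck)
  if (/<[a-z][^>]*\s+on[a-z]+\s*=/i.test(html)) found.push("event-handler attribute");
  const urlAttr = /\b(?:href|src|action|formaction|xlink:href)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  for (const m of html.matchAll(urlAttr)) {
    const raw = m[1] ?? m[2] ?? m[3] ?? "";
    // browsers drop tab/LF/CR inside a URL and ignore leading whitespace
    const value = decodeNumericEntities(raw).replace(/[\t\n\r]/g, "").trim().toLowerCase();
    if (value.startsWith("javascript:")) {
      found.push("javascript: URL");
      break;
    }
  }
  return found;
}

// The pattern the finding describes (do not do this):
//   card.innerHTML = `<h3>${opt.label}</h3>${opt.preview_html}`;
//
// Hardened rendering: option metadata goes through textContent, and the
// generated preview_html is loaded into an iframe with an empty sandbox value
// (no allow-scripts, no allow-same-origin), so even a preview that slips past
// the precheck runs no script and has no access to the picker page's origin.
function renderPicker(container, options) {
  const doc = container.ownerDocument;
  for (const opt of options) {
    const violations = previewViolations(opt.preview_html);
    if (violations.length) throw new Error(`option ${opt.id}: ${violations.join(", ")}`);
    const card = doc.createElement("article");
    const title = doc.createElement("h3");
    title.textContent = opt.label; // never innerHTML for option data
    const frame = doc.createElement("iframe");
    frame.setAttribute("sandbox", ""); // empty value = every restriction applied
    frame.setAttribute("referrerpolicy", "no-referrer");
    frame.srcdoc = opt.preview_html;
    card.append(title, frame);
    container.append(card);
  }
}

// Constructed previews for this example, one per forbidden construct.
const SAMPLE_PREVIEWS = {
  clean: '<div style="background:#123;color:#fff"><p>Bold Neon</p></div>',
  script: "<div><script>alert(1)</script></div>",
  handler: '<img src="x" onerror="alert(1)">',
  jsUrl: '<a href=" JavaS\ncript:alert(1)">open</a>',
  entity: '<a href="&#106;avascript:alert(1)">open</a>',
};

if (typeof document !== "undefined") {
  // In a browser: render the clean preview into the page's picker container.
  renderPicker(document.body, [{ id: "neon", label: "Bold Neon", preview_html: SAMPLE_PREVIEWS.clean }]);
}
```

The precheck catches whitespace-split and entity-encoded `javascript:` because it normalizes the attribute value the way a browser would before comparing; the real guarantee is still the sandboxed frame, which runs no script regardless of what the generator produced.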
Local Dependency Bootstrap Executes npm and Re-runs Node
The package loader can install pinned helper packages into a temporary directory and re-run the current Node process. It uses confirmation, pinned specs, and `--ignore-scripts`, but it still executes local package-management commands. Note that `--ignore-scripts` only suppresses install-time lifecycle scripts; code in the installed package still runs once it is required, so the pinned versions themselves need review.
ffmpeg Subprocess Processes User-Supplied Media
The audio extraction helper passes a user-provided media path to ffmpeg and writes JSON output. It avoids `shell=True`, but ffmpeg parsing of untrusted media is still a local processing risk, and ffmpeg accepts more than plain file paths (URLs, `concat:`, `pipe:` and other protocol inputs), so the path should be checked to be an existing regular file before it is passed.
External Runtime and Font Dependencies
Several HTML assets load GSAP or fonts from external CDNs. These are normal presentation dependencies, but they create network access and supply-chain exposure during preview or rendering: a compromised or changed CDN asset runs in the rendering page. Version-pinned URLs with Subresource Integrity (`integrity` attributes) limit that exposure; vendoring the assets removes the network access entirely.
Low-risk issues (3)
Static Critical Sensitive Findings Are Keyword Collisions
The reported Windows SAM database findings include prose such as SAME in comments, not access to Windows credential stores. I did not find evidence of SAM database reads.
Static Weak-Crypto and C2 Findings Are Mostly Design Text
Many high findings are caused by terms inside frame presets, color descriptions, Markdown examples, and visual style labels. No evidence was found of cryptographic routines or command-and-control behavior in those cited design files.
Prompt Injection Search Found No Direct Override Text
A targeted search for common instruction-override phrases found no evidence of embedded prompts telling the evaluator to ignore instructions, skip review, or change risk levels.

Detected patterns

innerHTML Assignment With Generated HTML
Synchronous Child Process Execution
Python Subprocess Execution

Audit version 1

Medium risk

Jun 27, 2026, 09:04 AM

Summary, scan statistics, findings and detected patterns are identical to audit version 2 above.