Summary
Found during fine-grained code-quality review (second pass) at commit 14fbf3e (develop). Severity: medium — security.
ornn-web/src/hooks/usePlaygroundChat.ts:49-64,145-148 — every file-output SSE event triggers an immediate programmatic <a download> click.
Why it matters
A malicious or compromised skill executing in the playground can drop arbitrary files (.html, .bat, .lnk) into the user's Downloads folder with zero user gesture — a drive-by-download primitive handed to whatever code runs in the sandbox.
Suggested fix
Render files in the existing fileOutputs state with an explicit per-file download button instead of auto-clicking.
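To make the suggested fix concrete, the following is an added example (not ornn-web's code) contrasting the two shapes of the hook logic: auto-firing a download for every `file-output` SSE event versus appending outputs to `fileOutputs` state and downloading only from a per-file button's click handler. The SSE frame layout, the `FileOutput` field names and the sample stream are assumptions constructed for the example; the DOM side effect (`<a download>` + `click()`) is injected as a callback so the logic can be checked outside a browser.

```typescript
// Added example, not ornn-web's own code. Event shape and field names are assumed.

export interface FileOutput {
  name: string;
  mimeType: string;
  content: string; // payload as delivered by the skill; encoding assumed
}

export type FileOutputsState = FileOutput[];

export interface SseEvent {
  event: string;
  data: string;
}

// Constructed SSE stream: two file-output frames around an unrelated token frame.
export const SAMPLE_SSE_STREAM = [
  'event: file-output',
  'data: {"name":"report.html","mimeType":"text/html","content":"<html>...</html>"}',
  '',
  'event: token',
  'data: {"text":"Done."}',
  '',
  'event: file-output',
  'data: {"name":"run.bat","mimeType":"application/x-bat","content":"echo hi"}',
  '',
].join('\n');

// Minimal SSE frame parser: frames are separated by a blank line and carry
// `event:` and `data:` fields (multi-line data is joined with '\n').
export function parseSse(stream: string): SseEvent[] {
  return stream
    .split('\n\n')
    .filter((frame) => frame.trim().length > 0)
    .map((frame) => {
      let event = 'message';
      const dataLines: string[] = [];
      for (const line of frame.split('\n')) {
        if (line.startsWith('event:')) event = line.slice(6).trim();
        else if (line.startsWith('data:')) dataLines.push(line.slice(5).trimStart());
      }
      return { event, data: dataLines.join('\n') };
    });
}

// The browser side effect (object URL, <a download>, programmatic click) is
// injected so the two handling strategies can be compared without a DOM.
export type TriggerDownload = (file: FileOutput) => void;

// Reported shape: each file-output event fires a download with no user gesture.
// Returns how many downloads were triggered by stream content alone.
export function handleEventsAutoDownload(events: SseEvent[], trigger: TriggerDownload): number {
  let fired = 0;
  for (const ev of events) {
    if (ev.event !== 'file-output') continue;
    trigger(JSON.parse(ev.data) as FileOutput);
    fired++;
  }
  return fired;
}

// Suggested shape: events only extend fileOutputs state; nothing is downloaded.
// The UI renders one download button per entry.
export function reduceFileOutputs(state: FileOutputsState, events: SseEvent[]): FileOutputsState {
  const next = [...state];
  for (const ev of events) {
    if (ev.event !== 'file-output') continue;
    next.push(JSON.parse(ev.data) as FileOutput);
  }
  return next;
}

// Invoked only from the per-file button's onClick, i.e. behind a user gesture.
export function onDownloadButtonClick(file: FileOutput, trigger: TriggerDownload): void {
  trigger(file);
}
```

With a counting stand-in for the download trigger, the auto-download handler fires once per file-output frame while the state reducer fires zero times; a download happens only when `onDownloadButtonClick` is called for a specific entry. In the real hook the trigger would be the existing object-URL-plus-anchor code, moved out of the SSE handler and into the button.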