cad-viewer

Warn

Audited by Socket on Jun 23, 2026

1 alert found:

Anomaly (LOW)
scripts/viewer/packages/implicitjs/src/common/implicitHeadlessRenderEntry.js

This module primarily performs image rendering and GIF encoding; the shown code contains no direct evidence of credential theft, data exfiltration, or malicious payload execution. The dominant security concern is that it dynamically loads a cached implicit CAD runtime from an externally supplied URL (inputUrl). Depending on how loadCachedImplicitCadModule allowlists that URL and how it executes what it fetches, this could enable SSRF or remote asset/code inclusion. Additionally, in browser contexts the module exposes a global window entrypoint, and it may be susceptible to resource exhaustion if rendering dimensions and frame counts are not bounded.

Confidence: 60%
Severity: 60%
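The finding above turns on two things the audit cannot see in this file: whether loadCachedImplicitCadModule allowlists inputUrl, and whether rendering dimensions and frame counts are bounded. The following is an added example, not code from the cad-viewer package or the implicitjs module, of the guards a caller would want in front of such a loader. The origin allowlist, the MAX_* limits, the function names (checkModuleUrl, checkRenderBounds, guardedRender) and the shape of the `loader` argument are all assumptions; the real loader's signature is not shown on this page.

```javascript
// Added example, not cad-viewer code. Illustrates the allowlisting and
// bounding the audit says the shown module's safety depends on.
// ALLOWED_ORIGINS and the MAX_* limits are assumed values for illustration.

const ALLOWED_ORIGINS = new Set([
  "https://cdn.example.com", // constructed placeholder for the real runtime host
]);
const MAX_DIMENSION = 4096;                 // max width or height in pixels
const MAX_PIXELS_PER_FRAME = 16 * 1024 * 1024;
const MAX_TOTAL_PIXELS = 512 * 1024 * 1024; // cap on width * height * frames
const MAX_FRAMES = 600;

// Parse inputUrl as an absolute URL and require https plus an allowlisted origin.
// Exact-origin matching defeats "https://cdn.example.com.evil.net" lookalikes,
// and rejecting embedded credentials keeps "https://u:p@cdn.example.com" out.
function checkModuleUrl(inputUrl) {
  let url;
  try {
    url = new URL(String(inputUrl)); // no base URL: relative inputs throw here
  } catch (e) {
    return { ok: false, reason: "inputUrl is not an absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: `scheme not allowed: ${url.protocol}` };
  }
  if (url.username || url.password) {
    return { ok: false, reason: "credentials embedded in URL" };
  }
  if (!ALLOWED_ORIGINS.has(url.origin)) {
    return { ok: false, reason: `origin not allowlisted: ${url.origin}` };
  }
  return { ok: true, href: url.href };
}

// Coerce a dimension to an integer within [1, max]; reject NaN, floats,
// Infinity and out-of-range values rather than clamping them silently.
function boundedInt(value, max, name) {
  const n = Number(value);
  if (!Number.isInteger(n) || n < 1 || n > max) {
    throw new RangeError(`${name} must be an integer in [1, ${max}], got ${value}`);
  }
  return n;
}

// Bound width, height and frame count so an untrusted request cannot make
// the renderer allocate arbitrarily large frame buffers or GIF frame lists.
function checkRenderBounds({ width, height, frames = 1 } = {}) {
  try {
    const w = boundedInt(width, MAX_DIMENSION, "width");
    const h = boundedInt(height, MAX_DIMENSION, "height");
    const f = boundedInt(frames, MAX_FRAMES, "frames");
    if (w * h > MAX_PIXELS_PER_FRAME) {
      return { ok: false, reason: `frame of ${w}x${h} exceeds per-frame pixel budget` };
    }
    if (w * h * f > MAX_TOTAL_PIXELS) {
      return { ok: false, reason: `${f} frames of ${w}x${h} exceed total pixel budget` };
    }
    return { ok: true, value: { width: w, height: h, frames: f } };
  } catch (err) {
    return { ok: false, reason: err.message };
  }
}

// Run both checks before handing the URL to a module loader. `loader` stands
// in for a function such as loadCachedImplicitCadModule; its real signature is
// not shown on the audited page, so an async (href) => runtime shape is assumed.
async function guardedRender(request, loader) {
  const urlCheck = checkModuleUrl(request.inputUrl);
  if (!urlCheck.ok) throw new Error(`refusing module load: ${urlCheck.reason}`);
  const bounds = checkRenderBounds(request);
  if (!bounds.ok) throw new Error(`refusing render: ${bounds.reason}`);
  const runtime = await loader(urlCheck.href);
  return { runtime, ...bounds.value };
}
```

Two caveats that the audited text leaves open: the origin check only limits where the runtime comes from, not whether the fetched bytes are what you expect (a pinned version or integrity hash is a separate control), and the global window entrypoint the finding mentions is not addressed here at all.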
Audit Metadata
Analyzed At
Jun 23, 2026, 07:03 AM
Package URL
pkg:socket/skills-sh/earthtojake%2Ftext-to-cad%2Fcad-viewer%2F@40a5b2da9ce877bd3155f429a96c5ac109cb6f4fa7667f495900e8e53b87b2d1
Security Audit — socket — cad-viewer