presentation

Warn

Audited by Socket on Jul 7, 2026

1 alert found:

Security
SecurityMEDIUM
base/src/content/markdown.tsx

The fragment is not malware-like, but it is security-critical for XSS if `source` is attacker-controlled: it renders Markdown `html` tokens directly using `dangerouslySetInnerHTML` with no sanitization. Additionally, link `href` values are only partially validated (external HTTP(S) detection and rewriting), and internal anchor scrolling decodes attacker-controlled fragments. If the application guarantees `source` is fully trusted or sanitized before reaching this component, risk is reduced; otherwise, this component should be treated as an XSS sink.

Confidence: 78%Severity: 85%
Audit Metadata
Analyzed At
Jul 7, 2026, 06:30 PM
Package URL
pkg:socket/skills-sh/iii-hq%2Fiii%2Fpresentation%2F@d651fef93d962b6740aa9f0e1b8d5d91e2567bf2f5682b155fb99e4001143672
Security Audit — socket — presentation