materialize-docs
Audited by Socket on Jun 12, 2026
2 alerts found:
SecurityAnomalyNo clear evidence of intentional malware (e.g., backdoor behavior, cryptomining, or forced exfiltration to hardcoded attacker infrastructure) is present in this snippet. However, the embedded generator contains several security-relevant design risks: (1) schema-driven eval(), which is strong client-side code-execution risk in a page context; (2) secret/API key is logged to the browser console and is sent in an Authorization-like header to a user-specified arbitrary endpoint; and (3) generated content is rendered via innerHTML without sanitization, creating DOM injection/XSS risk within the page. Treat this fragment as unsafe to copy into production without hardening (remove eval, avoid innerHTML, minimize secret logging, and restrict/validate destination).