Four findings: shell injection via filename (RCE on CLSI), auth bypass
on publish-presentation routes, shell-escape without sandbox in prod,
and stored XSS via published presentations (CSP removed on main origin).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
claude