# helixml/helix — Trust Profile

Trust profile for helixml/helix. 29 exploitable paths across 2 endpoints.

## Structure

- **Total routes:** 13
- **Public:** 0
- **Protected:** 0
- **Exploitable:** 2
- **Auth coverage:** null%

## Summary

- **Exploitable paths:** 29
- **Confirmed findings:** 286
- **Review findings:** 144

## Attack Paths (29)

###

- **Sink:** exec.Command()
- **Impact:** Command execution on server
- **File:** api/pkg/desktop/diff.go:72

###

- **Sink:** w.Write()
- **Impact:** Abuse of Template unescaped output
- **File:** api/pkg/desktop/screenshot.go:35

###

- **Sink:** fmt.Fprintf()
- **Impact:** Abuse of Template unescaped output
- **File:** api/pkg/hydra/sandbox_handlers.go:81

###

- **Sink:** client.Do()
- **Impact:** Abuse of Server-side request
- **File:** api/pkg/hydra/server.go:322

###

- **Sink:** w.Write()
- **Impact:** Abuse of Template unescaped output
- **File:** api/pkg/hydra/server.go:322

###

- **Sink:** http.NewRequest()
- **Impact:** Abuse of Server-side request
- **File:** api/pkg/oauth/oauth_test.go:189

###

- **Sink:** tmpl.Execute()
- **Impact:** Abuse of Template unescaped output
- **File:** api/pkg/server/spec_task_workflow_handlers.go:31

###

- **Sink:** fmt.Fprintf()
- **Impact:** Abuse of Template unescaped output
- **File:** api/pkg/server/evaluation_handlers.go:466

###

- **Sink:** os.Open()
- **Impact:** Abuse of File system access
- **File:** api/pkg/server/external_agent_handlers.go:165

###

- **Sink:** w.Write()
- **Impact:** Abuse of Template unescaped output
- **File:** api/pkg/server/kodit_handlers.go:1099

###

- **Sink:** http.NewRequest()
- **Impact:** Abuse of Server-side request
- **File:** api/pkg/server/mcp_backend_desktop.go:87

###

- **Sink:** w.Write()
- **Impact:** Abuse of Template unescaped output
- **File:** api/pkg/server/oauth.go:565

###

- **Sink:** http.NewRequest()
- **Impact:** Abuse of Server-side request
- **File:** api/pkg/server/sandboxes_api_handlers.go:650

###

- **Sink:** w.Write()
- **Impact:** Abuse of Template unescaped output
- **File:** api/pkg/server/git_repository_handlers.go:327

###

- **Sink:** http.NewRequestWithContext()
- **Impact:** Abuse of Server-side request
- **File:** api/pkg/server/session_expose_handlers.go:344

###

- **Sink:** fmt.Fprintf()
- **Impact:** Abuse of Template unescaped output
- **File:** api/pkg/server/openai_chat_handlers.go:54

###

- **Sink:** w.Write()
- **Impact:** Abuse of Template unescaped output
- **File:** api/pkg/server/spec_driven_task_handlers.go:205

###

- **Sink:** w.Write()
- **Impact:** Abuse of Template unescaped output
- **File:** api/pkg/server/spec_task_design_review_handlers.go:159

###

- **Sink:** tmpl.Execute()
- **Impact:** Abuse of Template unescaped output
- **File:** api/pkg/server/spec_task_share_handlers.go:15

###

- **Sink:** fw.w.Write()
- **Impact:** Abuse of Template unescaped output
- **File:** api/pkg/services/git_http_server.go:305

###

- **Sink:** http.NewRequest()
- **Impact:** Abuse of Server-side request
- **File:** api/pkg/tools/oauth_api_test.go:134

###

- **Sink:** http.NewRequest()
- **Impact:** Abuse of Server-side request
- **File:** api/pkg/tools/oauth_tools_test.go:31

###

- **Sink:** pipeline()
- **Impact:** Abuse of LLM prompt injection
- **File:** runner/helix-diffusers/main.py:337

###

- **Sink:** proxyReq.Header.Set()
- **Impact:** Abuse of Header injection
- **File:** api/pkg/server/mcp_backend_desktop.go:99

###

- **Sink:** apiServer.cache.Get()
- **Impact:** Abuse of Idor generic
- **File:** api/pkg/server/openai_model_handlers.go:32

###

- **Sink:** w.Header.Set()
- **Impact:** Abuse of Header injection
- **File:** api/pkg/services/git_http_server.go:305

###

- **Sink:** logging.info()
- **Impact:** Abuse of Log injection
- **File:** runner/helix-diffusers/main.py:237

### POST /v1/images/generations

- **Sink:** logger.info()
- **Impact:** Abuse of Log injection
- **File:** runner/helix-diffusers/main.py:351

### POST /v1/images/generations/stream

- **Sink:** logger.info()
- **Impact:** Abuse of Log injection
- **File:** runner/helix-diffusers/main.py:337

## Review Items (5)

- **Possible Sensitive Field Exposure in Response** (1 locations)
- **Horizontal privilege escalation vulnerability** (2 locations)
- **Database error or query exposed in HTTP response** (140 locations)
- **Potential IDOR - Generic Data Access** (1 locations)
- **puppeteer@24.1.1: another version is flagged as malware** (10 locations)

## High-Risk Dependencies

- **wayland-client@0.31.13**
- **k8s.io/apiextensions-apiserver@v0.29.0**
- **sigs.k8s.io/apiserver-network-proxy/konnectivity-client@v0.28.0**
- **wayland-client@0.31.13**
- **http2-client@1.3.5**
- **shebang-command@2.0.0**
- **k8s.io/apiextensions-apiserver@v0.29.0**
- **sigs.k8s.io/apiserver-network-proxy/konnectivity-client@v0.28.0**