Some git repos insert an internal hyperlink that points to a file in the repo, for example: somefile
But astral concatenates the internal hyperlink, as a URL path, with the domain name of astralapp.
You can try adding links like the following to the README.md.
export signout revoke
Then click the link in the preview part of the astral app; you will end up accessing the internal API of astralapp and doing something unexpected. I tried to add a "DELETE ACCOUNT" link to make things more critical, but the DELETE ACCOUNT API uses the DELETE method for its HTTP request. So it's not a big deal in the security field, but it's actually an unexpected design.
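One way a README preview can avoid the behaviour reported above, as an added example that is not astral's own code: resolve each link against the repository's file view and drop anything that would land on the application's own origin. The origin `https://app.example`, the repository base URL and the function name `resolveReadmeHref` are assumptions made for illustration.

```javascript
// Added example: resolve hrefs found in a rendered README against the
// repository, never against the application that is showing the preview.
const APP_ORIGIN = "https://app.example"; // assumption: placeholder app origin
const REPO_BASE = "https://github.com/owner/repo/blob/HEAD/"; // constructed sample repo

function resolveReadmeHref(href, repoBase = REPO_BASE, appOrigin = APP_ORIGIN) {
  // In-page anchors stay inside the preview and trigger no request.
  if (href.startsWith("#")) return href;

  // Absolute links: allow only http(s) targets outside the app's origin.
  let absolute = null;
  try {
    absolute = new URL(href);
  } catch {
    absolute = null; // no scheme, so this is a relative reference
  }
  if (absolute) {
    if (absolute.protocol !== "https:" && absolute.protocol !== "http:") return null;
    if (absolute.origin === appOrigin) return null;
    return absolute.href;
  }

  // Relative links: treat "/path" as repo-root-relative, resolve against the
  // repo base, and require the result to stay under that base. This also
  // rejects "../" escapes and protocol-relative "//host/..." references.
  const repoRelative = href.replace(/^\/(?!\/)/, "");
  let resolved;
  try {
    resolved = new URL(repoRelative, repoBase);
  } catch {
    return null;
  }
  return resolved.href.startsWith(repoBase) ? resolved.href : null;
}

// Constructed sample hrefs, similar in shape to the links in the report.
for (const href of ["signout", "/signout", "../../../../signout",
                    "https://app.example/signout", "docs/usage.md#install"]) {
  console.log(JSON.stringify(href), "->", resolveReadmeHref(href));
}
```
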