[JOSS Review] Security callouts

[gsquared94]

@tjkerby @ben-n-fuller

Reviewing the codebase for JOSS, I found some security issues that contradict the paper's privacy claims.

• Arbitrary File Write: src/backend/src/api/upload.py uses unquote() instead of os.path.basename(), allowing path traversal (e.g., ../../file) to overwrite system files.
• Privacy/Network Exposure: Default Docker configurations bind to 0.0.0.0 instead of 127.0.0.1, exposing "private" instances to the entire local network.
• Data Leakage: src/backend/src/api/api.py mounts the /documents directory publicly without authentication, making all research data accessible to anyone on the network.
• Indirect Prompt Injection: extract_title_ollama in upload.py injects raw content into prompts without delimiters, allowing malicious documents to hijack the LLM context. Consider sanitizing the result for URLs, etc. before storing.