Marp versions v0.0.10 and earlier may allow an attacker to access local resources and files using JavaScript.