Reproduction Summary
- Vulnerable jsPDF 3.0.4 embeds local file contents when a file path is provided to addImage()
- Patched jsPDF 4.0.0 blocks local FS reads by default; attempts error out unless permissions are enabled

How To Run
- Execute: bash /bundle/reproduction_steps.sh
- Outputs:
  - logs/run_*.log: detailed run logs
  - logs/summary.log: concise verdicts
  - repro_work/vuln/out_addImage.pdf: contains secret token (proof)
  - repro_work/patched/attempts/*.pdf: patched/bypass artifacts