Look for write access to arbitrary paths, access to secrets stores, broad network reach, and the ability to invoke other internal services. If the service can touch startup directories, credentials, or production data locations, it has a blast radius that exceeds simple document conversion. That is a governance failure, not just a configuration detail.
Related resources from NHI Mgmt Group
- How do security teams know whether password reset controls are actually working?
- How should security teams govern Active Directory service accounts?
- How should security teams evaluate self-service password reset in hybrid IAM environments?
- How do security teams know if just-in-time access is actually working?
