There is a thread currently on here that if you have media preview turned on, automatically downloads a file. Thread is Here.
This could be a huge security issue because if a bad actor put a payload in a file that just auto downloads, some people might just open it not knowing what it is.
Not sure where to post bugs, so I figured this might be the place for now.
Created a bug report for this: https://codeberg.org/Kbin/kbin-core/issues/446