If your print-file generation code tries to exploit the headless browser you use to turn its outputs into PDF something has gone very wrong already.

My biggest concern would be the Perl libraries I used to sanitise the input. I checked and none of them have any CVEs, though.