Maybe I'm doing something wrong but I'm not even able to reproduce the example Proof of Concept. The code in question does look a bit fishy for command injection, but without a working example, my knowledge of the inner-workings of groff is too limited to assess the plausibility.
fwiw, the writeup does _reek_ of that overconfident, doomsaying, LLM tone...
