Skills
skills/syncfusion/angular-ui-components-skills/syncfusion-angular-rich-text-editor/Gen Agent Trust Hub

syncfusion-angular-rich-text-editor

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSNO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill documents an AI Assistant feature that is susceptible to indirect prompt injection.
  • Ingestion points: In references/ai-assistant.md and references/events-media-upload.md, the aiAssistantPromptRequest event ingests args.text (the current editor selection) which can contain untrusted content.
  • Boundary markers: The provided code examples show the prompt and editor text being concatenated without explicit security delimiters or boundary markers to prevent the LLM from obeying instructions embedded in the editor content.
  • Capability inventory: The AI Assistant uses addAIPromptResponse to insert HTML/Markdown into the editor and supports programmatic control via executeCommand.
  • Sanitization: The component relies on a built-in enableHtmlSanitizer (enabled by default) and a markdown-to-html converter to mitigate risk when rendering AI responses.
  • [EXTERNAL_DOWNLOADS]: The skill references several external service integrations for extended functionality.
  • Connects to Syncfusion's production API (services.syncfusion.com) for Word/PDF document conversion and file management.
  • Integrates third-party services including WebSpellChecker (WProofreader), Embedly for media previews, and Google Fonts.
  • These downloads and service calls are directed at the vendor's infrastructure or well-known technology providers.
  • [NO_CODE]: This skill consists entirely of documentation, usage guidelines, and reference code snippets. It does not contain any executable scripts or binaries intended for direct execution by the AI agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 31, 2026, 09:43 AM
Security Audit — agent-trust-hub — syncfusion-angular-rich-text-editor