syncfusion-aspnetcore-diagram

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's documentation explicitly supports remote data binding (references/data-binding.md "Remote Data Binding" and related examples) using DataManager with an arbitrary Url and setNodeTemplate/getLayoutInfo callbacks that read and interpret that remote data to generate nodes/connectors and layout, meaning untrusted third‑party content fetched from arbitrary endpoints can influence runtime behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill instructs pages to load remote Syncfusion CDN resources at runtime (e.g., https://cdn.syncfusion.com/ej2/{{ site.ej2version }}/dist/ej2.min.js and https://cdn.syncfusion.com/ej2/{{ site.ej2version }}/fluent.css), which are fetched during runtime, execute remote JavaScript, and are required dependencies for the skill to function.