syncfusion-aspnetcore-dropdowns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The skill’s runtime path can ingest outsider-authored free text via remote data binding: <e-data-manager url="..."> (e.g., OData/Web API/URL Adaptor) fetches JSON whose string fields are rendered into the component’s popup/templates, and those fields can originate from external/untrusted parties; the examples even include crossDomain="true" which increases exposure.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's Getting Started examples include a runtime CDN script tag that would fetch and execute remote JavaScript (https://cdn.syncfusion.com/ej2/dist/ej2.min.js), which is used as a required dependency in the examples and therefore constitutes a runtime external script execution risk.

MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

• Hidden Unicode characters detected (1 type(s) found)