Skills
skills/syncfusion/aspnetcore-ui-components-skills/syncfusion-aspnetcore-inputs/Gen Agent Trust Hub

syncfusion-aspnetcore-inputs

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) in its server-side code examples.
  • Ingestion points: User-provided filenames from IFormFile.FileName and the files array in HomeController.cs (documented in SKILL.md).
  • Boundary markers: Absent in the Quick Start and Getting Started sections.
  • Capability inventory: Employs file system operations including System.IO.File.Create, System.IO.File.Delete, and Directory.CreateDirectory across multiple files.
  • Sanitization: The skill provides inconsistent guidance. While references/uploader-advanced-patterns.md and references/uploader-async-upload.md include remediation steps like path validation, the primary "Quick Start" examples use Path.Combine directly with unsanitized user input, creating a vulnerability surface.
  • [EXTERNAL_DOWNLOADS]: The skill references front-end resources (CSS and JS) from cdn.syncfusion.com. These are official assets from the vendor's own infrastructure and are documented as standard implementation practice.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 12, 2026, 11:19 PM
Security Audit — agent-trust-hub — syncfusion-aspnetcore-inputs