syncfusion-aspnetcore-markdown-converter

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill describes patterns for converting user-supplied Markdown to HTML and injecting it directly into the web page's DOM using the innerHTML property. This creates a surface for indirect prompt injection where malicious input could execute arbitrary scripts in the user's browser context.
      • Ingestion points: User-controlled input from the Rich Text Editor or textareas (e.g., in references/richtexteditor-integration.md).
      • Boundary markers: None; untrusted input is passed directly to the conversion function.
      • Capability inventory: Client-side DOM manipulation via innerHTML across multiple integration examples.
      • Sanitization: The documentation does not specify or demonstrate HTML sanitization of the converter's output before rendering.
  • [SAFE]: The skill references legitimate assets including the Syncfusion.EJ2.AspNet.Core NuGet package and scripts from the cdn.syncfusion.com domain, which are official resources provided by the vendor.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 12, 2026, 11:19 PM
Security Audit — agent-trust-hub — syncfusion-aspnetcore-markdown-converter