syncfusion-aspnetcore-markdown-converter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The required runtime workflow converts Markdown text into HTML and assigns it to innerHTML (e.g., previewEl.innerHTML = ej.markdownconverter.MarkdownConverter.toHtml(textArea.value)), where the Markdown source is user-authored/outsider free text from the Rich Text Editor textarea.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill loads and depends at runtime on the Syncfusion CDN script (https://cdn.syncfusion.com/ej2/{{ site.ej2version }}/dist/ej2.min.js), which executes remote JavaScript (providing ej.markdownconverter) and is a required runtime dependency, so it executes external code in the agent's environment.