syncfusion-aspnetcore-uploader

Fail

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: HIGH (DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill provides code templates for server-side file management that are vulnerable to directory traversal.
      • File: SKILL.md and references/getting-started.md
      • Evidence: string filePath = Path.Combine(uploadPath, file.FileName); in the Save action and string filePath = Path.Combine(uploadPath, file); in the Remove action.
      • Impact: This allows attackers to manipulate file paths using relative sequences like ../ to write or delete files outside the intended directory.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted file data, establishing an indirect injection surface.
      • Ingestion points: IFormFile[] uploader in SKILL.md.
      • Boundary markers: Absent.
      • Capability inventory: System.IO.File.Create and System.IO.File.Delete across multiple documentation files.
      • Sanitization: Absent in the primary Quick Start examples, although validation is mentioned in advanced references.
  • [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: Incorporates client-side resources from a well-known service.
      • File: SKILL.md
      • Evidence: Loads assets from cdn.syncfusion.com.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 29, 2026, 09:23 PM