syncfusion-blazor-treeview
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install official Syncfusion NuGet packages (`Syncfusion.Blazor.Navigations`, `Syncfusion.Blazor.Themes`) to enable component functionality. These are standard vendor resources.
- [EXTERNAL_DOWNLOADS]: Code examples reference external CSS assets from a well-known CDN (`cdnjs.cloudflare.com`) and fetch sample data from an established OData testing service (`services.odata.org`).
- [COMMAND_EXECUTION]: The documentation provides standard .NET CLI commands (`dotnet add package`, `dotnet restore`) for managing project dependencies and setting up the development environment.
- [PROMPT_INJECTION]: An implementation pattern in `references/advanced-features.md` uses `Html.Raw` to render search highlights. This creates a surface for indirect prompt injection (XSS) if the tree data (`FolderName`) originates from an untrusted source, as the data is rendered without sanitization.
  - Ingestion points: Node text fields (`FolderName`) and search input (`SearchText`) in `references/advanced-features.md`.
  - Boundary markers: Not present in the rendering template.
  - Capability inventory: Uses `Html.Raw`, which allows rendering of HTML content directly into the DOM.
  - Sanitization: No HTML sanitization is performed on the input data before it is passed to `Html.Raw`.
Audit Metadata