syncfusion-dotnet-word
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references and downloads official Syncfusion libraries (Syncfusion.DocIO.Net.Core, Syncfusion.DocIORenderer.Net.Core, and Syncfusion.Licensing) from the public NuGet registry to support its document processing functions.
- [COMMAND_EXECUTION]: The skill uses the
dotnet scriptutility to execute dynamically generated C# scripts for Mode 2 (Document Generation) operations. This execution is performed within a restricted workflow that includes creating unique temporary files and ensuring cleanup after execution. - [SAFE]: The skill follows security best practices by recommending that sensitive information, such as the Syncfusion license key, be managed through environment variables or local files rather than being hardcoded.
- [SAFE]: The documentation includes explicit security warnings regarding the risks of SSRF and data exfiltration when performing HTML-to-Word conversions involving external image URLs, advising users to validate and restrict sources.
Audit Metadata