syncfusion-aspnetcore-docx-editor
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses official and verified resources from Syncfusion, including NuGet packages (Syncfusion.EJ2.WordEditor.AspNet.Core) and CDN assets (cdn.syncfusion.com).
- [EXTERNAL_DOWNLOADS]: The skill references dictionary files from the well-known wooorm/dictionaries GitHub repository, which is a standard resource for spell-checking functionality.
- [COMMAND_EXECUTION]: The skill's workflow allows for direct modification of project files, but this is gated by a mandatory user confirmation step to prevent unauthorized actions.
- [PROMPT_INJECTION]: The skill handles external document data (DOCX/SFDT), which is an inherent surface for indirect prompt injection. This is mitigated by the use of specialized editor components for data processing.
- Ingestion points: Untrusted data enters via document loading and paste operations (references/paste-formatting.md).
- Boundary markers: No specific delimiters are used to isolate document content from agent instructions.
- Capability inventory: The skill can modify project files upon user request (SKILL.md).
- Sanitization: Content is processed by the Syncfusion Document Editor without specific pre-sanitization instructions.
Audit Metadata