syncfusion-javascript-inline-ai-assist

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's documentation (e.g., references/ai-service-integrations.md and other examples) shows the component calling external APIs and fetching content from OpenAI/Gemini/LiteLLM/other endpoints and loading commands via fetchCommandsFromAPI, and those external AI/API responses are ingested and can be added/inserted into the editor or drive command execution (inlineAssist.addResponse, ResponseMode.Inline, executePrompt), so untrusted third‑party content can materially influence behavior.