syncfusion-javascript-querybuilder

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXPOSURE]: The skill provides examples for manually generating SQL strings from query rules. This pattern introduces a vulnerability surface for SQL injection if the resulting queries are executed on a database without proper parameterization. Evidence found in references/import-export.md and references/filtering-search.md.
  • [DYNAMIC_EXECUTION]: Implementation examples for custom templates in references/templates-customization.md utilize innerHTML to inject content derived from the data source into the DOM. This represents a potential Cross-Site Scripting (XSS) risk if the bound data contains unsanitized scripts.
  • [PROMPT_INJECTION]: The skill is designed to ingest and process external filter rules in JSON format, which constitutes an indirect prompt injection surface.
      ◦ Ingestion points: Filter rules loaded from local storage, user-uploaded files, or remote endpoints as shown in references/import-export.md and references/data-binding.md.
      ◦ Boundary markers: No explicit delimiters or instructions are used in the documentation to separate data from execution context.
      ◦ Capability inventory: UI rendering, data filtering, and network requests via DataManager or fetch as documented across several files.
      ◦ Sanitization: The documentation provides example validation logic in references/import-export.md (the validateRules function) to verify the structure and field mapping of imported rules before they are applied.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 31, 2026, 09:54 AM