syncfusion-vue-ai-assistview

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's documentation and required workflow (references/ai-integration.md and SKILL.md) show the component calling external AI APIs (e.g., fetch to https://api.openai.com, Google Gemini endpoints, and Anthropic/Claude endpoints) and ingesting their responses as part of onPromptRequest/streaming handlers, so untrusted third-party content is read and can directly affect agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill contains runtime fetch calls to external AI endpoints (e.g., https://api.openai.com/v1/chat/completions) that retrieve remote responses which are injected into the AssistView (directly controlling prompts/responses), so this is a high-confidence external dependency used at runtime.