syncfusion-vue-inline-ai-assist
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides legitimate documentation and integration examples for Syncfusion's official Vue components. All external package references and CSS imports target verified Syncfusion resources.
- [INDIRECT_PROMPT_INJECTION]: The skill documents workflows where user-selected content from the DOM is processed via AI.
- Ingestion points: references/advanced-patterns.md demonstrates capturing text using window.getSelection().
- Boundary markers: Example implementations do not show specific delimiters for user-provided context.
- Capability inventory: The component examples include fetch() operations for communicating with AI service endpoints.
- Sanitization: Examples focus on functionality and do not explicitly demonstrate prompt sanitization.
- [DYNAMIC_EXECUTION]: Several examples (e.g., in references/advanced-patterns.md) use innerHTML to render AI-generated responses within the application. This is a standard pattern for rich-text AI integration but relies on the AI service to provide safe content.
Audit Metadata