syncfusion-vue-scheduler

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's documentation explicitly shows binding the scheduler to remote, arbitrary URLs via DataManager/WebApiAdaptor (see references/data-binding.md "Remote Data Binding" and the Google Calendar integration) and lazy-loading from server (references/advanced-features.md), meaning the agent will fetch and process untrusted public third‑party content that can directly influence displayed events, templates, and subsequent actions.