syncfusion-winforms-scheduler

Warn

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: MEDIUM (REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill documentation includes C# code examples that utilize the BinaryFormatter class for saving and loading appointment data to and from disk files in references/appointments-and-data.md and references/getting-started.md. The LoadBinary method calls formatter.Deserialize(fs), which is a well-known insecure deserialization pattern that can be exploited for arbitrary code execution if the data file is maliciously crafted.
  • [PROMPT_INJECTION]: The skill handles untrusted data in appointment fields, creating an indirect prompt injection surface.
      1. Ingestion points: Subject and Content fields in references/appointments-and-data.md.
      2. Boundary markers: Absent.
      3. Capability inventory: File writing and UI interaction.
      4. Sanitization: Absent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 6, 2026, 04:38 PM