syncfusion-angular-blockeditor
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The editor component ingests content through multiple entry points including clipboard access and file imports. While the documentation provides extensive guidance on using built-in security features like HTML sanitization and paste cleanup, the processing of untrusted external content represents an indirect prompt injection surface.
  - Ingestion points: `importFromJson`, `importFromHtml`, and `importFromClipboard` methods described in `references/data-export-and-import.md`.
  - Boundary markers: The `enableHtmlSanitizer` and `pasteCleanupSettings` properties are available to define and manage content boundaries.
  - Capability inventory: The skill facilitates file exports (`getDataAsHtml`, `getDataAsJson`) and network operations via `imageBlockSettings` for server-side uploads in `references/advanced-features.md`.
  - Sanitization: Comprehensive guidance on HTML sanitization, URL validation, and paste cleanup is provided in `references/security-and-paste-handling.md`.
- [DYNAMIC_EXECUTION]: The skill supports the creation of custom block types using templates, which can be defined as functions to generate dynamic component structures at runtime.
  - Evidence: The `template` property in the `BlockModel` interface allows for function-based generation as shown in the examples in `references/advanced-features.md`.
- [EXTERNAL_DOWNLOADS]: The documentation instructs users to install official `@syncfusion` scoped packages from the npm registry. These are verified resources originating from the component vendor.
  - Evidence: Installation commands for `@syncfusion/ej2-angular-blockeditor` and related base packages are found in `SKILL.md` and `references/getting-started.md`.
Audit Metadata