syncfusion-angular-inline-ai-assist

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill includes explicit code (references/core-configuration.md "Streaming with Real AI Service (OpenAI Example)" and related promptRequest handlers) that fetches responses from external AI APIs (e.g., https://api.openai.com), then injects those untrusted responses into the component via addResponse and innerHTML/applyResponse, allowing third‑party content to be read/interpreted and to directly influence UI and actions, which could enable indirect prompt injection.