syncfusion-angular-license

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill includes explicit examples that instruct embedding license keys verbatim in source files and shell commands (e.g., registerLicense('YOUR_LICENSE_KEY_HERE'), echo "YOUR_LICENSE_KEY" > syncfusion-license.txt, hardcoded environment.ts), so an agent following it may be required to handle or output secret values directly.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill's CI and NPX examples instruct running "npx syncfusion-license activate" (which fetches and executes the external package from the npm registry, e.g. https://registry.npmjs.org/syncfusion-license) during build/runtime, so it executes remote code fetched at runtime and is relied upon in the provided CI examples.