syncfusion-aspnetcore-combobox

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's workflow explicitly fetches and binds remote/public data (e.g., references/data-binding.md shows DataManager.Url = "https://js.syncfusion.com/..." and references/advanced-features.md and data-binding.md include fetch('/api/states?...') / fetch('/api/cities?...') and dynamic DataManager URL updates), and those responses are parsed and used to change control state and drive subsequent actions, so untrusted third‑party content can materially influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The Getting Started guide instructs including the remote Syncfusion script https://cdn.syncfusion.com/ej2/21.2.6/dist/ej2.min.js which is fetched at runtime, executes remote JavaScript in the page, and is presented as a required dependency for the ComboBox to function.