syncfusion-aspnetcore-kanban
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill identifies a potential surface for indirect prompt injection as it facilitates the ingestion and rendering of data from external sources (e.g., via `DataManager` or `dataSource`) while possessing the capability to perform network operations.
  - Ingestion points: Data enters the component via the `dataSource` property or through remote endpoints configured in the `<e-data-manager>` tag helper as documented in `references/data-binding.md`.
  - Boundary markers: The skill does not provide explicit boundary markers or instructions to the agent to disregard embedded commands within the processed data.
  - Capability inventory: The component is capable of performing network requests to external endpoints for CRUD operations (e.g., `url`, `crudUrl`, `insertUrl`) as described in `references/data-binding.md`.
  - Sanitization: The component includes a built-in `enableHtmlSanitizer` property, enabled by default, which serves to sanitize HTML input and mitigate cross-site scripting (XSS) risks (referenced in `references/properties.md`).
- [EXTERNAL_DOWNLOADS]: The skill documentation includes references to external scripts and stylesheets hosted on the vendor's infrastructure.
  - Evidence: Mentions of `https://cdn.syncfusion.com/ej2/27.1.48/fluent.min.css` and `https://cdn.syncfusion.com/ej2/27.1.48/dist/ej2.min.js` in `references/getting-started.md`.
- [DATA_EXFILTRATION]: The architecture for remote data binding supports transmitting data to external URLs, which could be leveraged as a data exfiltration channel if the configuration or data source is manipulated by an adversary.
  - Evidence: The use of `crudUrl` and other endpoint properties in `references/data-binding.md` enables the component to send card data to external servers.
Audit Metadata