skills/syncfusion/aspnetcore-ui-components-skills/syncfusion-aspnetcore-multiselect/Snyk

syncfusion-aspnetcore-multiselect

Warn

Audited by Snyk on Apr 29, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.80). The skill explicitly documents binding the MultiSelect to remote, public URLs (e.g., references/data-binding.md: dataSource="https://services.odata.org/V4/Northwind/...") and shows AJAX/server-side filtering and cascading examples that require the agent at runtime to fetch and interpret untrusted public data to drive subsequent UI/tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.80). The skill loads and requires third‑party scripts at runtime (e.g., https://cdn.syncfusion.com/ej2/24.1.48/ej2.min.js and https://code.jquery.com/jquery-3.6.0.min.js) which execute remote code in the client and are used as required dependencies to render the MultiSelect component.

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 29, 2026, 09:23 PM

Issues

2