syncfusion-aspnetcore-rich-text-editor
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE [EXTERNAL_DOWNLOADS] [PROMPT_INJECTION]
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches required JavaScript and CSS resources from Syncfusion's official CDN (cdn.syncfusion.com).
- [EXTERNAL_DOWNLOADS]: References third-party libraries like CodeMirror and Marked.js from the well-known cdnjs service to enable code editing and markdown preview features.
- [PROMPT_INJECTION]: The AI Assistant feature processes editor content as context for AI prompts, creating an indirect prompt injection surface.
  - Ingestion points: The AiAssistantPromptRequest event in references/ai-assistant.md receives the editor's text selection.
  - Boundary markers: No specific delimiters or instructions for the AI to ignore instructions within the editor content are shown in the examples.
  - Capability inventory: The system can update the editor content through addAIPromptResponse and execute various formatting commands.
  - Sanitization: The implementation uses a built-in HTML sanitizer for XSS prevention, though it does not address logical prompt injection.
- [SAFE]: The skill provides comprehensive security guidance, including default-on HTML sanitization, IFrame isolation for style encapsulation, and recommendations for server-side validation.
Audit Metadata