skills/syncfusion/blazor-ui-components-skills/syncfusion-blazor-rich-text-editor/Gen Agent Trust Hub
syncfusion-blazor-rich-text-editor
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches required NuGet packages (Syncfusion.Blazor.RichTextEditor, Syncfusion.Blazor.Themes) from official package registries.
- [EXTERNAL_DOWNLOADS]: References official Syncfusion service URLs for handling document imports and exports, such as https://blazor.syncfusion.com/services/production/api/RichTextEditor/ImportFromWord.
- [COMMAND_EXECUTION]: Includes standard .NET CLI commands for adding vendor packages to a project.
- [PROMPT_INJECTION]: As the editor component processes and renders HTML/Markdown content from potentially untrusted users, it presents a surface for indirect prompt injection. The documentation correctly identifies this and highlights the built-in EnableHtmlSanitizer (on by default) and paste cleanup settings as primary security guardrails. Mandatory evidence chain for Indirect Prompt Injection:
  - Ingestion points: Value and @bind-Value properties in SKILL.md and references/data-binding.md
  - Boundary markers: EnableHtmlSanitizer is enabled by default
  - Capability inventory: File-write capabilities via server-side upload examples in references/images-and-media.md
  - Sanitization: EnableHtmlSanitizer and RichTextEditorPasteCleanupSettings are documented.