syncfusion-blazor-rich-text-editor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests untrusted, user-provided web content (pasted HTML/Word imports, arbitrary image/video URLs, and external Markdown content) and then programmatically reads/acts on it (e.g., ValueChange handlers, GetTextAsync/ExecuteCommandAsync, image upload/delete and import/export flows); see references/paste-and-cleanup.md (paste handling), references/images-and-media.md (Insert Image From URL, embedded video URLs), references/editor-modes.md (markdown preview using external Marked.js), and references/import-export.md (importing Word via service URLs).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs adding a runtime script tag that fetches and executes external JavaScript from https://cdn.jsdelivr.net/npm/marked/marked.min.js to render Markdown previews, making it a required runtime dependency that executes remote code.