syncfusion-blazor-docx-editor
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The reference files provide shell commands (`dotnet add package` and `dotnet restore`) intended for the user to install necessary NuGet dependencies for the Blazor project.
- [EXTERNAL_DOWNLOADS]: The skill provides instructions for downloading dictionary assets (e.g., `.dic` and `.aff` files) from an external public repository at `github.com/wooorm/dictionaries` to support spell-checking features.
- [DATA_EXFILTRATION]: The provided C# code snippets demonstrate accessing the local file system to read document resources, specifically targeting `.docx` files located in the `wwwroot/data/` directory.
- [PROMPT_INJECTION]: The skill facilitates a surface for indirect prompt injection by providing code that loads and processes untrusted external document formats (`.docx`).
  - Ingestion points: Files are loaded into the application context via the `WordDocument.Load` method in `blazor-documenteditor-server.md` and `blazor-documenteditor-webapp.md`.
  - Boundary markers: The generated snippets do not implement delimiters or instructions for the agent to ignore potential malicious prompts embedded within the document content.
  - Capability inventory: The skill allows the agent to generate and deliver C# and Razor code, with a delivery option to modify existing project files in the workspace.
  - Sanitization: There is no evidence of content sanitization or validation performed on the ingested document data before it is serialized or displayed.