syncfusion-react-docx-editor
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill instructions and code references are consistent with its stated purpose of assisting in the integration of the Syncfusion React Document Editor. No malicious patterns, such as prompt injection or credential harvesting, were identified.
- [EXTERNAL_DOWNLOADS]: The skill references official NPM packages (
@syncfusion/ej2-react-documenteditor) and NuGet packages (Syncfusion.EJ2.WordEditor.AspNet.Core) from the vendor. It also points to a well-known public repository (github.com/wooorm/dictionaries) for dictionary files, which is a standard resource for the functionality described. - [COMMAND_EXECUTION]: The skill provides standard .NET CLI commands (
dotnet build,dotnet run) as part of educational content for setting up a local backend service. These are contextually appropriate and non-obfuscated. - [DATA_EXFILTRATION]: The skill includes a
serviceUrlpointing to Syncfusion's official demo endpoint. It explicitly warns users that this URL is for demonstration only and that they should host their own service for production environments to maintain data privacy. - [PROMPT_INJECTION]: The workflow defined in the skill enforces a multi-step user confirmation process (concise multiple-choice question) before generating or applying code, which serves as a mitigation against unintended file modifications.
Audit Metadata