syncfusion-javascript-accordion

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's documentation (see references/data-loading.md, "AJAX Content Loading" and "DataSource" examples) explicitly shows runtime fetching of external URLs and APIs via DataManager, fetch, and Ajax (e.g., 'api/accordion-items', /docs/accordion-section-*.html, Ajax('./content.html')), which injects untrusted remote HTML/JSON into item.content and event handlers — meaning third‑party content is ingested and can influence behavior and subsequent actions.