Skills
skills/syncfusion/javascript-ui-controls-skills/syncfusion-javascript-chat-ui/Snyk

syncfusion-javascript-chat-ui

Warn

Audited by Snyk on May 4, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's required workflow and examples explicitly fetch and ingest external, user-generated chat content and files (e.g., references/events.md's created handler calls fetch('/api/messages') to load messages; references/load-on-demand.md uses fetch(/api/messages?page=...) and a WebSocket 'wss://api.example.com/chat'; file-attachment examples use external saveUrl/removeUrl), meaning untrusted third-party content is read and can influence runtime behavior.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 4, 2026, 11:27 AM
Issues
1