syncfusion-javascript-diagram

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's documentation (references/data-binding-and-loading.md) explicitly shows loading remote JSON via DataManager with a url and examples of "Loading from API"/"Remote Data Binding" (and getting-started.md even clones a public GitHub repo), meaning the agent can be instructed to fetch and ingest arbitrary untrusted web data which would be interpreted to generate diagram content and drive subsequent behavior.