syncfusion-javascript-file-manager

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required setup (Quick Start Step 2 and many examples of ajaxSettings / CustomFileProvider in SKILL.md and references/advanced-configuration.md) instructs the component to fetch file lists, thumbnails, and metadata from arbitrary external endpoints (e.g., https://your-api.com, ej2-aspcore-service.azurewebsites.net, cdn.syncfusion.com), which are untrusted third-party sources whose responses directly determine UI, permissions, and subsequent actions.