syncfusion-javascript-kanban

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's data-binding documentation (references/data-binding.md and SKILL.md) explicitly shows using DataManager/UrlAdaptor/OData to fetch remote public APIs (e.g., https://services.syncfusion.com/js/production/api/Kanban, OData/Web API endpoints), meaning the agent is expected to ingest and act on untrusted third-party content that can change card data and drive UI/CRUD behavior.