syncfusion-javascript-query-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's documentation and workflow explicitly show loading remote/untrusted data and rule JSON into the component (see references/data-binding.md which uses DataManager with remote url and loadRulesFromServer that fetches '/api/saved-queries/query-1', and references/import-export.md showing import from server), so the agent would ingest and act on arbitrary third-party content that can change rules and subsequent actions.