syncfusion-javascript-querybuilder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's documentation explicitly shows fetching and binding remote, public endpoints (e.g., references/data-binding.md and references/import-export.md use DataManager with URL like "https://api.example.com/employees", OData services, and fetch('/api/saved-queries/...')) and loading JSON rules from those endpoints into the QueryBuilder (e.g., loadRulesFromServer, loadQueryFromDatabase), meaning untrusted third-party content is ingested and directly interpreted as rules that change behavior.