syncfusion-javascript-rich-text-editor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's AI assistant flow (references/ai-assistant.md) explicitly sends user-selected editor content (args.text) combined with prompts to an AI backend via the aiAssistantPromptRequest handler, and the editor also accepts arbitrary third-party inputs (paste cleanup of pasted web content, image/media URLs, iframeSettings.resources that load external scripts/styles, file manager/ajax URLs), so untrusted web/user-generated content can be ingested and directly influence AI prompts and subsequent actions.