syncfusion-javascript-spinner

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The documentation includes patterns where external data (API responses or error messages) is rendered into the DOM using innerHTML.
      • Ingestion points: Data from fetch() calls in SKILL.md (Pattern 1) and error messages in references/advanced-usage.md (Error Handling section) are rendered directly into container elements.
      • Boundary markers: No explicit boundary markers or security warnings are used around these interpolation points.
      • Capability inventory: The skill performs DOM manipulation via innerHTML and uses the fetch API for data retrieval; it does not have access to sensitive system files or subprocess execution.
      • Sanitization: The provided examples do not demonstrate sanitization or the use of safer alternatives like textContent for dynamic data rendering.
  • [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill documentation references external resources for installation and setup.
      • Evidence: Recommends cloning the quickstart repository from github.com/SyncfusionExamples/ej2-quickstart-webpack and fetching styles from cdn.syncfusion.com.
      • Context: These resources belong to the official vendor and are documented for standard development workflows.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 4, 2026, 11:28 AM