syncfusion-javascript-splitter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's documentation and examples explicitly show loading arbitrary HTML via fetch and inserting it into panes (see references/pane-content.md "Loading Content from URL" and SKILL.md's "Content: Loading HTML markup, text content, or dynamic content"), which clearly ingests third-party/untrusted web content that the component will render and can be acted on (with hooks like beforeSanitizeHtml), so it exposes the agent to indirect prompt-injection risk.