syncfusion-javascript-treeview

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly describes binding to remote, public data sources (e.g., DataManager examples pointing to "https://ej2services.syncfusion.com/production/web-services/api/treeviewdata" and OData endpoints in the Data Binding / Remote Data sections), which means the agent will fetch and interpret untrusted third-party content at runtime to populate nodes and drive UI events.