syncfusion-wpf-pdf-viewer
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill acts as a legitimate helper for WPF developers using the Syncfusion PDF Viewer control. All provided C# and XAML snippets align with standard SDK usage patterns and represent documented functionality for the library.
- [PROMPT_INJECTION]: The skill documents a vulnerability surface for indirect prompt injection in `references/annotation.md`. The `PdfViewer_FileLinkAnnotationClicked` snippet uses `System.Diagnostics.Process.Start(filePath)` with a path obtained directly from the PDF document. If a user loads a malicious PDF and clicks a crafted link, this could lead to arbitrary process execution on the host machine.
  - Ingestion points: PDF document metadata and annotation fields (specifically `FileLinkAnnotation` settings) processed by the `PdfViewerControl`.
  - Boundary markers: No specific delimiters or security warnings are included in the code examples to distinguish between trusted and untrusted link targets.
  - Capability inventory: `System.Diagnostics.Process.Start` (process execution) in `references/annotation.md`; `pdfViewer.Save` (file write) in `references/saving-pdf-files.md`; `pdfViewer.Print` (printing) in `references/print.md`.
  - Sanitization: The provided example does not include path validation, URI scheme checks, or sanitization of the `filePath` variable before it is passed to the shell.
Audit Metadata