syncfusion-react-diagram

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's documentation and required workflow explicitly describe remote data binding (references/data-binding.md and SKILL.md Data Binding section) — including DataManager URLs and CRUD endpoints (e.g., "https://services.syncfusion.com/.../RemoteData" and crudAction examples) — which causes the agent to fetch and interpret arbitrary public JSON to generate nodes/connectors (via doBinding/setNodeTemplate), so untrusted third‑party content can directly influence diagram construction and subsequent actions.