syncfusion-react-inline-ai-assist

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's documentation and required workflow (references/ai-integrations.md and SKILL.md) explicitly show calling external AI services (OpenAI, Google Gemini, Lite-LLM, Ollama, and fetch-based endpoints) and then feeding their responses into the component via addResponse (e.g., OpenAI/Gemini streaming examples and the Ollama/fetch examples), and those responses are used to update the UI or be inserted into the DOM (e.g., handleResponseItemSelect using lastResponse to set editableRef.innerHTML), so untrusted third‑party content can materially influence actions.