syncfusion-react-kanban

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs fetching and binding remote, potentially arbitrary APIs (see references/data-binding.md examples using DataManager/UrlAdaptor with urls like "https://api.example.com/tasks" and "https://services.syncfusion.com/…", plus fetch/WebSocket examples for real-time updates) so the agent would ingest untrusted third-party content that is read and used to drive UI/events/validation (e.g., drag/drop validation and action handlers) and therefore could be influenced by indirect prompt injection.