syncfusion-react-mention

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill documentation (SKILL.md and references/working-with-data.md and references/api.md) explicitly shows using a DataManager/WebApiAdaptor to fetch remote data from public endpoints (e.g., https://services.odata.org/... and https://services.syncfusion.com/react/...), which the component ingests and uses to render suggestions and insert/display text—allowing untrusted third-party content to influence behavior.