syncfusion-react-query-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's Data Binding instructions (references/data-binding.md and SKILL.md) explicitly show binding the QueryBuilder to remote DataManager URLs (e.g., https://services.odata.org/... and arbitrary API endpoints) and auto-generating columns from remote data, meaning the component will fetch and interpret untrusted public/third‑party data at runtime which can change rules/queries and influence subsequent actions.