syncfusion-react-rich-text-editor

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides comprehensive guidance for implementing a rich text editor with built-in security features.
  • [XSS_PREVENTION]: Documentation in references/validation-security.md and references/properties.md emphasizes that enableHtmlSanitizer is enabled by default to strip dangerous tags and attributes.
  • [PASTE_CLEANUP]: The PasteCleanup module documented in references/paste-clipboard.md allows developers to define deniedTags and deniedAttrs to further secure content pasted from external sources.
  • [INDIRECT_PROMPT_INJECTION]: The skill handles untrusted data through the editor and AI Assistant.
      • Ingestion points: Editor value updates, pasted content, and AI prompt requests (references/editor-value.md, references/ai-assistant.md).
      • Boundary markers: The component uses a default HTML sanitizer and encourages the use of custom delimiters for merge fields.
      • Capability inventory: Capabilities include command execution (formatting) and network operations for uploads or AI processing, which are scoped to the editor's functionality.
      • Sanitization: Sanitization is active by default and can be customized via the beforeSanitizeHtml event.
  • [EXTERNAL_RESOURCES]: The skill references standard NPM packages and suggests connecting to user-provided backend services (e.g., saveUrl, serviceUrl) using placeholder values, following standard development practices.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 25, 2026, 04:27 PM