syncfusion-react-scheduler

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill documentation explicitly instructs runtime ingestion of open/public third‑party content (e.g., DataManager remote URL in "Pattern 3: Remote Data Binding", the lazy-loading DataManager URL in references/advanced-features.md, and Ajax loading of external locale JSON), meaning untrusted external event/locale data would be parsed and used to drive scheduler behavior.