syncfusion-react-treegrid

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's documentation includes explicit remote data-binding and fetch examples (e.g., references/data-binding.md shows DataManager with a UrlAdaptor using https://ej2services.syncfusion.com/production/api/treegriddata, and references/events-reference.md shows lazy-load via fetchChildren in expanding handlers), so the component/runtime is expected to ingest untrusted public JSON and use those values to drive actions (lazy loads, navigation, command handling), which could enable indirect instruction injection.