syncfusion-react-treeview
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides technical documentation and standard React component implementation patterns for a well-known UI library. No malicious patterns such as obfuscation, persistence, or data exfiltration were detected.
- [DATA_EXPOSURE]: Code examples use generic API endpoints (e.g.,
/api/children/) and standard browser storage (localStorage) for state persistence, which is appropriate for the component's intended use and does not expose sensitive information. - [REMOTE_CODE_EXECUTION]: Dependencies are limited to official Syncfusion packages (e.g.,
@syncfusion/ej2-react-navigations), which are legitimate vendor resources and do not represent unverified remote code execution risks. - [INDIRECT_PROMPT_INJECTION]: The component processes hierarchical data that may originate from untrusted external sources.
- Ingestion points: Tree data is ingested through the
dataSourceproperty inSKILL.mdandreferences/data-binding.md. - Boundary markers: No specific delimiters are used to separate user data from component instructions in the examples.
- Capability inventory: Examples in
references/advanced-features.mdusefetch()for data retrieval, andreferences/filtering-and-searching.mdusesdangerouslySetInnerHTMLfor rendering highlighted results. - Sanitization: The skill provides an explicit mitigation example in
references/inline-editing.md, demonstrating how to sanitize user input using asanitizeInputfunction to strip HTML and script tags, which follows security best practices.
Audit Metadata