syncfusion-react-treeview

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly describes and demonstrates runtime fetching from remote Web API/OData endpoints (see SKILL.md "Data Binding" mentioning remote Web API/OData and references/advanced-features.md load-on-demand/nodeExpanding examples that call fetch(/api/children/${nodeId}) or fetchChildrenFromAPI), so the agent would ingest and act on untrusted third-party content as part of its workflow.