skills/syncfusion/spreadsheet-editor-sdk-skills/syncfusion-aspnetcore-spreadsheet-editor/Gen Agent Trust Hub
syncfusion-aspnetcore-spreadsheet-editor
Fail
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: CRITICALNO_CODEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill contains only Markdown reference files and does not include any executable scripts like Python, JavaScript, or Shell.
- [EXTERNAL_DOWNLOADS]: Fetches core spreadsheet libraries and styles from Syncfusion's official CDN and NuGet registry, which are trusted sources.
- [EXTERNAL_DOWNLOADS]: An automated scan flagged the URL
https://your-api-endpoint.com/salesinreferences/data-binding.mdas malicious; this is used as a generic placeholder in documentation. - [DATA_EXFILTRATION]: Provides code snippets for remote data binding and file saving that use placeholder external endpoints without providing warnings about the potential for sensitive data transmission to untrusted servers.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface in its generated code.
- Ingestion points: User prompts for loading Excel files or fetching data from remote URLs (SKILL.md).
- Boundary markers: None present in the generated CSHTML and C# code snippets to delimit untrusted content.
- Capability inventory: Remote data fetching via
DataManagerandfetch, and file operations viaWorkbook.Open(references/import-export.md). - Sanitization: The provided code templates do not implement validation or sanitization for user-supplied URLs or file content.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata