skills/syncfusion/spreadsheet-editor-sdk-skills/syncfusion-vue-spreadsheet-editor/Gen Agent Trust Hub
syncfusion-vue-spreadsheet-editor
Fail
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: CRITICALDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface area for Indirect Prompt Injection because it is designed to ingest and process untrusted external data in the form of Excel and CSV files. Payloads within these files could potentially influence agent behavior if interpreted as instructions. \n
- Ingestion points: Files are loaded from local and remote sources as described in
SKILL.mdandreferences/import-export.md. \n - Boundary markers: None specified in the instructions for processing file content. \n
- Capability inventory: The skill performs file-write operations to the output directory (
SKILL.md) and network operations to remote endpoints (references/import-export.md). \n - Sanitization: No explicit sanitization logic for data extracted from spreadsheet files is defined. \n- [DATA_EXFILTRATION]: Automated scanning flagged
https://your-api-endpoint.com/salesas a malicious URL. Technical review identifies this as a placeholder domain used for instructional purposes inREADME.mdandreferences/data-binding.md. However, it represents a network operation to a non-whitelisted domain in a demo context. \n- [EXTERNAL_DOWNLOADS]: The skill references several remote endpoints for core functionality, including official Syncfusion services for opening and saving files (document.syncfusion.com). While these are well-known vendor services, they involve transmitting spreadsheet data to external servers by default in the provided example configurations.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata