syncfusion-winforms-licensing

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill instructs embedding license keys directly into source code and CI scripts (e.g., RegisterLicense("YOUR_LICENSE_KEY_HERE") and "configure PowerShell script ... with ... license key"), which would require the model to place secret values verbatim into generated code or commands, creating an exfiltration risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's CI/CD guidance explicitly instructs downloading and executing the LicenseKeyValidator package from https://s3.amazonaws.com/files2.syncfusion.com/Installs/LicenseKeyValidation/LicenseKeyValidator.zip (contains an executable run in pipelines), which is a runtime-fetched external executable the skill relies on—constituting remote code executed at runtime.