syncfusion-wpf-licensing

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs placing license keys as string literals in code (e.g., SyncfusionLicenseProvider.RegisterLicense("YOUR_LICENSE_KEY_HERE")) and guides registering keys in application/source, which would require the LLM to include user-provided secret values verbatim in generated code or commands.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The CI examples instruct downloading and extracting a standalone utility from https://s3.amazonaws.com/files2.syncfusion.com/Installs/LicenseKeyValidation/LicenseKeyValidator.zip and then running its LicenseKeyValidatorConsole.exe/PowerShell script in pipelines, which is a runtime fetch of remote executable code that the workflows execute.