Trustcontent is not the only capability which is flagged with XSS risk, there are numerous.
To check which capability (or capabilities) are causing this, first navigate to /admin/roles/manage.php and click on "Authenticated user" to view its role definition. Just above the start of the list of capabilities, you should see a row titled "Role risks", which will have some triangle icons next to it to highlight which risks the role poses. On that row, if you see a red triangle with an exclamation mark in it (when you mouseover it, it will also say "XSS risk"), then the role contains some capability that has an XSS risk.
The end column of the capability table on that page shows and risks each capability is flagged with. To find the exact capability/capabilities with that risk, scroll down the capability list and find any with the same red triangle icon in the Risks column. Those are the capabilities that have been added to the role, which are flagged as having an XSS risk.
If you don't find any for the authenticated user role, try checking other user roles which shouldn't have access to XSS flagged capabilities, such as student, using the same steps outlined above, since it's possible something has been individually assigned to each role.
I hope that helps you pinpoint what you are looking for.