csv-data-visualizer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): Potential for indirect prompt injection through untrusted CSV data ingestion.
- Evidence:
  1. Ingestion points: scripts/visualize_csv.py and scripts/create_dashboard.py read external CSV files.
  2. Boundary markers: No delimiters or sanitization logic is present to isolate CSV content from the visualization rendering process.
  3. Capability inventory: The skill writes to the file system (HTML, PNG, PDF) and generates interactive Plotly visualizations.
  4. Sanitization: The scripts rely on default library behavior; if a CSV contains malicious strings (e.g., JavaScript in categorical values), they could be executed via XSS when the user opens the generated HTML dashboard.
Audit Metadata