d3js-data-visualization
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references the official D3.js library for installation via npm and provides a CDN link to d3js.org.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the way it processes external data for rendering.
- Ingestion points: Data enters the visualization logic through the
drawChart(data)andsetupResponsiveChart(containerId, data)functions inSKILL.md. - Boundary markers: There are no explicit markers or instructions to the agent to treat the input data as purely passive or to ignore embedded control instructions.
- Capability inventory: The skill uses D3 to manipulate the DOM, generate SVG content, and implement interactive tooltips using the
.html()method. - Sanitization: While the documentation suggests filtering for numeric validity (nulls/NaN), it lacks guidance on sanitizing or escaping string properties before rendering them as HTML in tooltips, creating a potential XSS vector.
Audit Metadata