d3-viz
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The interactive chart template in assets/interactive-template.jsx contains a vulnerability surface for XSS due to unsafe data handling.
  1. Ingestion points: Untrusted data enters the component via the data prop.
  2. Boundary markers: There are no delimiters or explicit instructions to ignore HTML tags within the data.
  3. Capability inventory: The component manipulates the DOM and renders tooltips based on the provided data.
  4. Sanitization: The code uses .html() on line 98 to render tooltip content, allowing for the execution of scripts embedded in label or category fields.
Audit Metadata