figma-d3-react-ts

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes external web content to guide code generation.
      • Ingestion points: SKILL.md uses mcp1_browser_snapshot to read content from D3.js example notebooks on ObservableHQ listed in references/d3-examples-catalog.md.
      • Boundary markers: Absent; there are no specific delimiters or instructions to ignore commands embedded in the external source material.
      • Capability inventory: The skill has the ability to execute shell commands via npx nx build and npx playwright for building and testing components as specified in SKILL.md.
      • Sanitization: Absent; the skill does not sanitize or filter content retrieved via browser snapshots before processing it.
  • [EXTERNAL_DOWNLOADS]: Fetches reference code and design assets from well-known and trusted platforms including ObservableHQ and Figma.
  • [COMMAND_EXECUTION]: Uses standard development and testing tools such as nx and playwright to validate generated visualization components.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 01:36 AM