d3-viz

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (LOW): Indirect Prompt Injection Surface (XSS) detected in assets/interactive-template.jsx.
      • Ingestion points: The InteractiveChart component receives untrusted data through the data prop.
      • Boundary markers: No boundary markers or 'ignore' instructions are used to distinguish data from code structure.
      • Capability inventory: The skill uses D3's .html() method to render tooltips, providing a mechanism for script execution.
      • Sanitization: Data properties such as label and category are interpolated directly into the tooltip's HTML string without escaping or sanitization, allowing an attacker to execute malicious scripts if the agent processes compromised data.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 04:55 PM