skills/dtran320/claud3/d3-viz/Gen Agent Trust Hub

d3-viz

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute the 'open' command to launch the generated HTML visualization in the user's default browser. This is an expected behavior for the tool's purpose but involves interaction with the host operating system.
  • [EXTERNAL_DOWNLOADS]: Generated HTML files include script references to fetch the D3.js library from the jsDelivr CDN, which is a well-known and established technology service.
  • [PROMPT_INJECTION]: The skill processes external CSV and JSON data files and uses their structure (such as column names) and content to dynamically generate JavaScript code and text annotations. This creates a surface for indirect prompt injection if the data source is untrusted.
      • Ingestion points: The data handling workflow involving 'd3.csv' and 'd3.json' calls and the preliminary data analysis step (reading the first 5 rows).
      • Boundary markers: No specific delimitation or 'ignore instructions' markers are defined for the data ingestion phase.
      • Capability inventory: The skill can write files to the local file system and execute shell commands to open them.
      • Sanitization: There is no explicit requirement in the instructions to sanitize or escape column headers or data values before interpolating them into the generated visualization code.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 25, 2026, 01:25 PM