data-viz-2025
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill consists of documentation, utility TypeScript scripts for data processing, and React component examples. Analysis found no evidence of malicious intent, data exfiltration, or obfuscation.\n- [EXTERNAL_DOWNLOADS]: The skill recommends several well-known and trusted visualization libraries (Recharts, D3.js, Nivo, Visx, Observable Plot) and testing tools (Percy, Chromatic) available through official package registries.\n- [COMMAND_EXECUTION]: The documentation provides standard shell commands for development workflows, including package installation via npm and running visual regression tests with Percy.\n- [PROMPT_INJECTION]: Provides architectural patterns for 'AI-Enhanced Visualizations' where data is passed to an LLM to generate insights. This represents an indirect prompt injection surface if untrusted data is processed without sufficient boundary markers or sanitization.\n
- Ingestion points:
SKILL.mdandreferences/data-storytelling.md(AI Annotation feature description)\n - Boundary markers: Not explicitly defined in the provided architectural examples\n
- Capability inventory: Use of
fetchto send data to external APIs for insight generation\n - Sanitization: No explicit sanitization or input validation logic is shown in the AI-annotation code snippets
Audit Metadata