d3-viz

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS
Full Analysis
  • [SAFE]: The skill provides legitimate documentation, patterns, and templates for data visualisation using the D3.js library.
  • [EXTERNAL_DOWNLOADS]: Fetches the D3.js library from the official d3js.org CDN, which is a well-known and established service for this technology.
  • [INDIRECT_PROMPT_INJECTION]: The tooltip implementation examples in SKILL.md and assets/interactive-template.jsx use the .html() method to render data properties like d.label and d.value without sanitization.
      • Ingestion points: The data array processed by the draw functions or passed to React components (e.g., assets/sample-data.json).
      • Boundary markers: Absent; there are no explicit instructions or delimiters to prevent the interpretation of embedded HTML/scripts in the data.
      • Capability inventory: SVG rendering and DOM manipulation within the browser context.
      • Sanitization: Absent; the code directly interpolates data properties into HTML strings, creating a potential XSS surface if data sources are untrusted.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 20, 2026, 01:17 PM