d3-viz
Pass
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: LOWPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): Vulnerability to Cross-Site Scripting (XSS) in 'assets/interactive-template.jsx'. Ingestion points: Data entering the 'InteractiveChart' component via the 'data' prop. Boundary markers: None present. Capability inventory: UI rendering using D3.js. Sanitization: Absent; fields like 'd.label' and 'd.category' are injected into the DOM via '.html()' without escaping, creating a risk if the agent's data source is compromised.
Audit Metadata