d3-visualization

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's workflows and examples explicitly load and bind external, arbitrary data files (e.g., d3.csv('data.csv'), d3.json('world.geojson'), Promise.all([d3.json('countries.geojson'), d3.csv('data.csv')])) and recommend importing D3 from public CDNs, so the agent will fetch and render untrusted third‑party content (CSV/JSON/GeoJSON) as part of its runtime workflow.