d3-viz

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The InteractiveChart component in assets/interactive-template.jsx is vulnerable to XSS/Indirect Prompt Injection by rendering data properties into the DOM using D3's .html() method.
  • Ingestion points: Data provided to the InteractiveChart via the data prop in assets/interactive-template.jsx.
  • Boundary markers: Absent; there are no delimiters or instructions to ignore embedded scripts in the data.
  • Capability inventory: The component uses d3.select(tooltipRef.current).html(...) to modify the DOM at runtime.
  • Sanitization: Absent; the properties d.label and d.category are interpolated directly into the HTML string without escaping or validation.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 19, 2026, 04:43 AM