Skills
skills/sickn33/antigravity-awesome-skills/claude-d3js-skill/Gen Agent Trust Hub

claude-d3js-skill

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill documentation in SKILL.md references the official D3.js library hosted on d3js.org. This is a well-known and established service for distributing the D3 library.
  • [PROMPT_INJECTION]: The assets/interactive-template.jsx component implements a tooltip system that represents an indirect prompt injection surface.
  • Ingestion points: Data enters the component through the data prop and is processed in a useEffect hook.
  • Boundary markers: There are no explicit boundary markers or instructions to ignore embedded commands within the data fields.
  • Capability inventory: The skill is restricted to DOM manipulation and UI interactivity (zoom, pan, tooltips); it does not contain capabilities for file system access, network requests, or shell command execution.
  • Sanitization: The component uses the D3 .html() method to render data attributes like d.label directly into the tooltip. No sanitization or HTML escaping is applied to these inputs, which could allow for the injection of malicious markup if the input data is not trusted.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 27, 2026, 07:43 PM