d3-viz

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (LOW): Vulnerability surface for Indirect Prompt Injection (XSS) detected in the interactive tooltip rendering logic.
      • Ingestion points: The 'data' prop passed to the InteractiveChart component in 'assets/interactive-template.jsx'.
      • Boundary markers: None; data properties are interpolated directly into the UI.
      • Capability inventory: Client-side UI rendering and DOM manipulation via D3.js.
      • Sanitization: Absent; properties such as 'd.label' and 'd.category' are rendered using D3's .html() method without escaping or sanitization, allowing for potential script injection if the data source is attacker-controlled.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 04:44 PM