The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill references several external libraries used for visualization, including Chart.js, Three.js, D3.js, Mermaid, and Tone.js.
The sources for these libraries are well-known and established Content Delivery Networks (CDNs) including cdnjs.cloudflare.com, esm.sh, cdn.jsdelivr.net, and unpkg.com.
These references are used for standard visualization functionality as intended by the skill's purpose.
[PROMPT_INJECTION]: The skill documents and encourages the use of a sendPrompt() global JavaScript function within the generated HTML widgets.
Ingestion points: Instructions in SKILL.md (Part 6) guide the agent to create buttons that execute sendPrompt('message') when clicked.
Boundary markers: The provided examples do not include delimiters or specific warnings to ignore embedded instructions within the prompts sent by this function.
Capability inventory: The sendPrompt() function allows the output of the skill to programmatically initiate a new interaction turn with the agent, effectively simulating user input.
Sanitization: There is no evidence of sanitization or validation logic to ensure that data interpolated into these prompts is safe or lacks malicious instructions. This mechanism represents a surface for indirect prompt injection where the generated UI can influence subsequent agent behavior.

Advanced Visualization Techniques