claude-d3js-skill
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references the official D3.js CDN (https://d3js.org/d3.v7.min.js) for library loading. This is an expected and safe practice for D3-based development.
- [PROMPT_INJECTION]: The skill defines patterns for processing untrusted data to generate visualizations, which represents a standard surface for indirect prompt injection. This is considered safe as the skill's capabilities are restricted to SVG rendering and DOM manipulation, with no access to sensitive system tools or network exfiltration paths.
- Ingestion points: Data is ingested via component props and function arguments in
assets/chart-template.jsx,assets/interactive-template.jsx, andSKILL.md. - Boundary markers: Not explicitly defined in the provided code templates.
- Capability inventory: The skill is limited to SVG manipulation; it contains no subprocess calls, file-write operations, or network-writing capabilities.
- Sanitization: Documentation includes best-practice advice on filtering invalid data points (e.g., checking for NaN or null values).
Audit Metadata