d3js
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill content is purely educational and technical, providing legitimate examples for data visualization with no signs of malicious intent or behavior.
- [EXTERNAL_DOWNLOADS]: The skill references the official D3.js library via its official CDN (d3js.org), which is a trusted and well-known service.
- [PROMPT_INJECTION]: The examples demonstrate an attack surface for indirect prompt injection by reading data from local files (e.g., timeseries.csv) and rendering it via the
.html()method in tooltips. 1. Ingestion points: Data loading from local CSV and JSON files inSKILL.mdcode blocks. 2. Boundary markers: Not present in the provided examples. 3. Capability inventory: Limited to standard browser-based SVG and DOM manipulation. 4. Sanitization: Not shown in the basic documentation examples, representing a standard software vulnerability surface rather than a malicious intent.
Audit Metadata