Is chrisvoncsefalvay/claude-d3js-skill safe?

https://github.com/chrisvoncsefalvay/claude-d3js-skill

97
SAFE

The chrisvoncsefalvay/claude-d3js-skill is a straightforward D3.js visualization reference skill containing only documentation, code examples, and passive JSX boilerplate templates. The SKILL.md contains no prompt injection vectors, no instructions to access sensitive files, and no malicious directives of any kind. Canary file accesses observed in monitoring are attributable to the oathe audit framework's own baseline and post-check routines (occurring before the clone began), and all canary files were confirmed intact. The skill is safe to install.

Category Scores

Prompt Injection 98/100 · 30%
Data Exfiltration 97/100 · 25%
Code Execution 99/100 · 20%
Clone Behavior 97/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 98/100 · 5%

Findings (5)

LOW External CDN URL in code examples -2

SKILL.md includes a