Cement Heat Balance Visualization
Pass
Audited by VirusTotal on May 16, 2026.
Findings (1)
The skill is designed to generate HTML visualizations for cement production data, but the implementation in `scripts/generate_heat_balance_viz.py` contains a Cross-Site Scripting (XSS) vulnerability. The script uses f-strings to directly inject user-provided data (such as process stage names and KPI labels) into an HTML template without any sanitization or escaping. While the behavior aligns with the stated purpose and there is no evidence of intentional malice, the lack of input validation represents a security risk if the processed data is untrusted.
