graphics-troubleshooting

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill instructs the agent to load and process arbitrary external assets (models, textures, decoders) from open/public URLs (e.g., loader.load(assetUrl, corsProxy + assetUrl), dracoLoader.setDecoderPath('https://www.gstatic.com/...'), ktx2Loader.setTranscoderPath('https://cdn.jsdelivr.net/...'), useGLTF(url) and loader.load('/model.glb') patterns in references/loading.md), which means untrusted third-party content would be fetched and interpreted as part of its workflow.