threejs
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [SAFE] (SAFE): No malicious patterns, prompt injections, or unauthorized data access detected across 17 files.
- [INDIRECT_PROMPT_INJECTION] (INFO): The skill defines ingestion points for untrusted data via 3D model loaders (GLTF, FBX, etc.) in 'references/02-loaders.md' and 'references/15-specialized-loaders.md'. There are no boundary markers or sanitization, but the capability is limited to graphical rendering (display only), which is a negligible risk.
- [PROMPT_INJECTION] (SAFE): No instructions found that attempt to override agent behavior or bypass safety filters.
- [DATA_EXFILTRATION] (SAFE): No unauthorized network operations or access to sensitive local files (like credentials or SSH keys) detected.
- [COMMAND_EXECUTION] (SAFE): No arbitrary command execution or subprocess spawning found.
Audit Metadata