cesiumjs-models-particles

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs loading untrusted third‑party assets via Model.fromGltfAsync({ url: ... }) and ParticleSystem.image (e.g., glTF/GLB models, images) and describes parsing glTF JSON/metadata (animations, nodes, EXT_mesh_features, NGA_gpm_local) which the runtime uses to drive animations, node transforms, picking, and positioning—meaning external, user-provided content can influence agent behavior.