procedural-clouds
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGH
Full Analysis
- SAFE (SAFE): Comprehensive analysis of the README.md documentation reveals no evidence of malicious intent, credential exposure, or dangerous command execution. The skill is documented as a standard generative tool for visual effects using Three.js.
- Indirect Prompt Injection (INFO): The skill identifies user prompts as a mechanism to drive code and shader generation. While this represents an ingestion surface for untrusted data, the capabilities are limited to visual rendering and display, which poses negligible risk. 1. Ingestion points: User-provided prompts describing cloud types and lighting scenes. 2. Boundary markers: None documented in the README. 3. Capability inventory: Generation of Three.js scenes and GLSL/WGSL shaders for GPU execution. 4. Sanitization: Not explicitly defined in the documentation.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata