procedural-starfield
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Full Analysis
- SAFE (SAFE): The skill primarily consists of markdown documentation and shader code (GLSL/WGSL) intended for GPU execution via Three.js. No host-level command execution, persistence mechanisms, or credential access were identified.
- EXTERNAL_DOWNLOADS (LOW): An automated scanner alert was provided for the URL 'this.ca'. A manual inspection of the skill content does not reveal any usage of this domain. It is likely a false positive triggered by the proximity of the word 'this' to words starting with 'ca' (such as 'catalog' or 'celestial') or a concatenation during the scanner's processing phase. No actual remote resource fetching was found.
- INDIRECT_PROMPT_INJECTION (LOW): As a generative graphics skill, it interprets user prompts to create scenes. While this is a surface for prompt injection, the risk is minimal as the skill's primary function is to generate Three.js code for a browser environment, and it lacks dangerous capabilities (like file system writing or network access) that could be exploited through such an injection.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata