threejs-textures

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill loads arbitrary external assets at runtime (e.g., THREE.TextureLoader.load("texture.jpg"), TexturePool.get(url) which calls loader.load(url), video.src = "video.mp4", THREE.CubeTextureLoader.load([...]), RGBELoader.load("environment.hdr"), etc.), so it clearly fetches and displays untrusted third‑party content from arbitrary URLs.