threejs
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGH
Full Analysis
- [SAFE] (SAFE): Exhaustive analysis of the code snippets and documentation reveals no malicious intent or security vulnerabilities. The patterns described are industry-standard for 3D web applications.
- [EXTERNAL_DOWNLOADS] (INFO): The skill identifies standard dependencies in the Three.js ecosystem, such as 'three' and '@react-three/fiber'. these are reputable, well-maintained libraries and do not involve untrusted runtime downloads.
- [COMMAND_EXECUTION] (SAFE): All code provided is scoped to client-side execution in a browser context and contains no instructions for server-side command execution or shell interactions.
- [INDIRECT_PROMPT_INJECTION] (INFO): While the skill outlines methods for loading external 3D assets (GLTF, textures), this represents a standard asset-loading surface typical of 3D engines and does not provide capabilities for automated agent decision-making based on untrusted data.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata