webgpu-threejs-tsl
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- PROMPT_INJECTION (SAFE): No instructions were found that attempt to override AI behavior, extract system prompts, or bypass safety guidelines. The content is strictly technical and educational.
- DATA_EXFILTRATION (SAFE): There are no attempts to access sensitive system files, environment variables, or hardcoded credentials. Network activity is limited to standard texture loading from relative local paths.
- REMOTE_CODE_EXECUTION (SAFE): The skill does not perform remote script downloads or piped command execution. It relies on standard module imports from the 'three' package.
- DYNAMIC_EXECUTION (SAFE): Although the skill documents the use of
wgslFnfor defining GPU shaders, this is a core and legitimate feature of the Three.js WebGPU renderer. No evidence of unsafe host-side JavaScript evaluation or untrusted code generation was found. - PRIVILEGE_ESCALATION (SAFE): No commands requiring elevated permissions (e.g., sudo, chmod) or system configuration changes are present.
- PERSISTENCE_MECHANISMS (SAFE): The skill does not attempt to create cron jobs, modify shell profiles, or establish startup services.
Audit Metadata