add-3d-models
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download 3D assets from official Decentraland builder services and verified GitHub repositories. These downloads are limited to static .glb files for visual rendering.
- [COMMAND_EXECUTION]: Uses shell commands like curl to download assets to the projects local directory. These commands do not involve piping to shells or execution of remote scripts.
- [PROMPT_INJECTION]: Processes local markdown files for model metadata. This establishes an attack surface for indirect prompt injection, but the risk is mitigated by the specific use case of searching for static assets.
Audit Metadata