aframe-webxr

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes Python scripts (scripts/component_builder.py and scripts/scene_generator.py) used to generate boilerplate code for A-Frame projects and write it to the local file system based on user-provided inputs.
  • [EXTERNAL_DOWNLOADS]: Documentation and templates reference external libraries hosted on reputable, well-known CDNs including A-Frame's official site, jsDelivr, unpkg, and cdnjs. These downloads are associated with the official A-Frame framework and its community-maintained components.
  • [PROMPT_INJECTION]: The code generation scripts represent a surface for indirect prompt injection as they ingest user-controlled strings to populate template files.
      • Ingestion points: CLI arguments such as name and output in scripts/component_builder.py and scripts/scene_generator.py.
      • Boundary markers: None identified in the template interpolation logic.
      • Capability inventory: File system write access via standard library functions.
      • Sanitization: Minimal sanitization is performed, such as replacing underscores with dashes in component names.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 05:30 PM