babylonjs-engine

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required workflows and examples explicitly load and ingest public third‑party assets (e.g., SceneLoader.ImportMeshAsync with modelUrl, assets like https://assets.babylonjs.com/... in SKILL.md and assets/examples/README.md, and NodeMaterial.ParseFromSnippetAsync('#SNIPPET_ID')), so untrusted external model/texture/snippet content is fetched at runtime and can influence scene setup and behavior.