spline-interactive

Warn

Audited by Snyk on Feb 27, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill loads and runs arbitrary public Spline scene URLs (e.g., "https://prod.spline.design/.../scene.splinecode") as part of its core workflow (see the SKILL.md patterns, the Spline component examples, and the onLoad/onSplineMouseDown handlers). It then reads object names and events from those user-published scenes (e.target.name, findObjectByName, emitEvent) to decide which actions to trigger, so untrusted third-party scene content can materially influence tool behavior.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 27, 2026, 05:30 PM