3d-web-experience
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill provides instructions to globally install the @gltf-transform/cli package. While standard for 3D asset optimization, command execution should be monitored.
- EXTERNAL_DOWNLOADS (LOW): Suggests dependencies from NPM and loading scene files from Spline's production domain (prod.spline.design).
- PROMPT_INJECTION (SAFE): No attempts to override agent behavior or bypass safety filters were found.
- INDIRECT PROMPT INJECTION (LOW): The skill demonstrates surfaces for loading external 3D assets such as GLB files and Spline scenes.
- Ingestion points: External scene URLs in Spline and GLB model paths.
- Boundary markers: Absent in code snippets.
- Capability inventory: None (provides code snippets for the agent to recommend, no active capabilities).
- Sanitization: Absent.
Audit Metadata