threejs-scene-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly loads and processes external, potentially user-provided models and textures (e.g., ModelLoader.loadGLTF(url) and loadTexture(url), createSkybox(path), MixamoCharacter.loadWithAnimations(fbxPath), and ReadyPlayerMeAvatar which loads https://models.readyplayer.me/{avatarId}.glb and useGLTF.preload), so it fetches and interprets untrusted third-party content at runtime.