threejs-builder
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill generates Three.js application code and project assets based on user instructions, creating a surface for indirect prompt injection. \n
- Ingestion points: User prompts for scene creation and helper installation as described in SKILL.md. \n
- Boundary markers: No delimiters or boundary markers are utilized in the code templates to isolate user-provided data from agent instructions. \n
- Capability inventory: File system write operations provided by an internal Python script. \n
- Sanitization: The skill does not implement sanitization or validation for user-supplied input or target file paths. \n- [COMMAND_EXECUTION]: The skill includes a Python script (install-gltf-calibration-helpers.py) that performs directory creation and file copying. This tool can be used to write files to locations on the file system if directed by a malicious prompt. \n- [EXTERNAL_DOWNLOADS]: The skill's templates and documentation reference official libraries and assets from well-known services such as unpkg.com and gstatic.com, which are standard for web development and considered safe sources.
Audit Metadata