The Agent Skills Directory

[COMMAND_EXECUTION] (LOW): The server documentation indicates the use of external binaries like gltfpack and meshopt for compression. This pattern implies a potential command injection surface if the implementation fails to properly sanitize user-provided parameters such as 'preset' and 'simplify' before invoking shell commands.
[INDIRECT_PROMPT_INJECTION] (LOW): The skill documentation outlines a service that ingests untrusted GLB/glTF data, which could contain malicious instructions for an LLM if the output is consumed by an agent. 1. Ingestion points: /compress and /compress-stream endpoints. 2. Boundary markers: No delimiters or instruction-ignore warnings are mentioned in the documentation. 3. Capability inventory: System execution of compression tools. 4. Sanitization: Only magic-byte validation (INVALID_GLB) is documented, with no mention of sanitizing internal 3D model metadata.

glb-compressor-server