threejs
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- Overall (SAFE): The skill is purely educational, providing architectural guidance and boilerplate code for WebGL development without any suspicious commands or file access.
- Data Exposure & Exfiltration (SAFE): No sensitive file paths or unauthorized network operations were identified.
- Indirect Prompt Injection (LOW): The skill suggests loading external assets (GLTF models, textures), which is an inherent part of 3D development. However, the skill lacks high-privilege capabilities (like file writing or command execution) that could be exploited via poisoned assets.
- External Downloads (SAFE): The referenced URL (threejs.org) is the official documentation for the library and is considered a reputable source.
Audit Metadata