theatre-js
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references official and widely-used packages from the npm registry such as
@theatre/core,@theatre/studio, and@react-three/fiber. These are standard dependencies for the library's functionality. - [COMMAND_EXECUTION] (SAFE): The code examples and installation instructions use standard package management commands (
npm install,npx skills add) without any suspicious flags or piped remote execution. - [DATA_EXFILTRATION] (SAFE): Analysis of the provided scripts shows no attempts to access sensitive local files (e.g., SSH keys, credentials) or send data to unauthorized external domains.
- [PROMPT_INJECTION] (SAFE): The skill does not contain instructions designed to override agent behavior or bypass safety guardrails.
- [DYNAMIC_EXECUTION] (SAFE): No use of
eval(),exec(), or other dynamic code generation patterns from untrusted sources was found. Environment checks likeimport.meta.env.DEVare used correctly to gate development tools (Studio) from production builds.
Audit Metadata