three-js

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's loaders documentation (references/07-loaders.md) and examples explicitly show loading and parsing assets from arbitrary external URLs and sources (e.g., loader.load('model.glb'), textureLoader.load('texture.jpg'), manager.setURLModifier(...), fetch('model.glb'), loadFromBlob), which means the agent's runtime workflow can ingest untrusted third-party/user-provided content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill contains runtime loader calls (e.g., dracoLoader.setDecoderPath('https://www.gstatic.com/draco/versioned/decoders/1.5.6/') and ktx2Loader.setTranscoderPath('https://cdn.jsdelivr.net/npm/three@0.160.0/examples/jsm/libs/basis/')) that fetch decoder/transcoder code (WASM/JS) at runtime which executes in the client and is required for Draco/KTX2-compressed asset loading, so these external URLs are runtime-executed dependencies.