3d-web-experience
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill provides instructions for installing well-known, standard development packages such as @splinetool/react-spline and @gltf-transform/cli via npm. These are appropriate for the domain and present no security risk.
- Command Execution (SAFE): Reference shell commands for asset optimization (e.g., ls -lh, npx) are included as instructional snippets for the user and are not executed autonomously by the agent.
- Indirect Prompt Injection (SAFE): The skill serves as a static expert reference; it does not process external, untrusted data in a way that creates an injection surface.
- Prompt Injection (SAFE): The instructions in SKILL.md and reference files are aimed at grounding the agent's expertise and do not attempt to bypass safety filters or override core system instructions.
Audit Metadata