threejs-syntax-loaders
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides instructional content for Three.js asset loading with no malicious instructions or hidden code detected.
- [EXTERNAL_DOWNLOADS]: Fetches Draco geometry decoders from Google's official gstatic CDN (https://www.gstatic.com/draco/versioned/decoders/1.5.6/). This is a standard and expected practice for Three.js applications using Draco compression.
- [DATA_EXFILTRATION]: No sensitive data access or unauthorized network exfiltration patterns were identified. The loaders use standard web APIs for asset fetching.
- [REMOTE_CODE_EXECUTION]: No arbitrary remote code execution patterns found. The use of WASM decoders via setDecoderPath is limited to the specific Three.js Draco decoding functionality.
Audit Metadata