add-3d-assets
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns such as obfuscation, data exfiltration, or unauthorized privilege escalation were detected. The skill's behavior aligns with its stated purpose of game asset enhancement.
- [EXTERNAL_DOWNLOADS]: Downloads 3D models and props from well-known industry services including Poly Haven and Sketchfab. These are trusted sources for game assets.
- [COMMAND_EXECUTION]: Executes local scripts provided by the plugin (
meshy-generate.mjsandfind-3d-asset.mjs) using Node.js to automate model generation and retrieval tasks. - [PROMPT_INJECTION]: The skill analyzes local game source code to derive context for 3D asset generation, which presents a surface for indirect prompt injection.
- Ingestion points: Reads local files including
package.json,src/core/Constants.js, and gameplay logic insrc/gameplay/*.jsandsrc/entities/*.js. - Boundary markers: None identified; the skill assumes the analyzed code is trusted developer source code.
- Capability inventory: Executes local scripts via subprocesses and writes GLB files and modified JavaScript code to the project directories.
- Sanitization: No specific sanitization or filtering of ingested source code content is mentioned before it is processed for AI prompt generation.
Audit Metadata