threejs-game
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install standard Node.js packages (
three,vite) via npm and references official Three.js modules from the JSDelivr CDN (cdn.jsdelivr.net). These are well-known, trusted resources for web development. - [COMMAND_EXECUTION]: Provides boilerplate commands for project initialization (
npm init,npm install) and build scripts (vite dev,vite build). These are standard development workflows and do not execute unauthorized or malicious code. - [PROMPT_INJECTION]: The instructions focus purely on architectural patterns for 3D game development. There are no patterns attempting to bypass agent safety filters or override system instructions.
- [DATA_EXFILTRATION]: No sensitive file access or unauthorized network operations were detected. The architecture promotes centralized state management (
GameState.js) for local game logic only. - [INDIRECT_PROMPT_INJECTION]: While the skill defines systems for loading external assets (
AssetLoader.js) and processing user input (InputSystem.js), these are standard game engine components. The scope is limited to local browser-based execution with no exploitable capability surface for remote command execution.
Audit Metadata