xr-developer
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill does not contain any malicious patterns, obfuscation, or unauthorized data access. It serves its stated purpose as an XR development guide and utility set.
- [EXTERNAL_DOWNLOADS]: The project scaffolding script generates boilerplate code that pulls the Three.js library from the JSDelivr CDN. This is a standard and safe practice for web prototyping, utilizing a well-known and reputable service.
- [COMMAND_EXECUTION]: The skill includes scripts for file system interaction: `check_webxr_compat.py` scans local files for API patterns, and `scaffold_webxr.sh` creates a project directory. The shell script implements strict input validation for the project name using the regex `^[a-zA-Z0-9_-]+$`, which effectively mitigates risks of command injection or path traversal.
Audit Metadata