ar-vr-xr
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides standard architectural and safety guidelines for spatial computing development without any detected malicious patterns or obfuscation.\n- [SAFE]: The included Three.js code snippet uses standard library imports to initialize a WebXR session and contains no suspicious operations.\n- [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection as it processes user-provided project data and debugging logs.\n
- Ingestion points: User descriptions of experience constraints and native XR logs in the Workflow and Native XR sections.\n
- Boundary markers: Absent; no delimiters are defined for user-provided content.\n
- Capability inventory: No scripts or subprocess capabilities are present in the skill files.\n
- Sanitization: No input validation or sanitization is specified.\n- [SAFE]: References to external skills and PRs from the plurigrid organization are consistent with the vendor's own resource patterns and do not represent a security risk.
Audit Metadata