3d-graphics
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOWEXTERNAL_DOWNLOADS
Full Analysis
- PROMPT_INJECTION (SAFE): No malicious instructions, behavioral overrides, or system prompt extraction patterns were detected in the skill files.
- DATA_EXFILTRATION (SAFE): No evidence of sensitive data access or unauthorized exfiltration was found. Network activity is confined to standard asset loading.
- EXTERNAL_DOWNLOADS (LOW): The skill utilizes loaders (e.g., GLTFLoader, TextureLoader) to fetch 3D assets from external URLs. This is the intended and standard functionality of the library for web graphics.
- DYNAMIC_EXECUTION (LOW): The skill uses ShaderMaterial and TSL to compile GPU shader code at runtime. This is a fundamental feature of Three.js and does not allow for arbitrary CPU-level code execution or privilege escalation.
- INDIRECT_PROMPT_INJECTION (INFO): The skill has an ingestion surface for external data via various 3D file formats. However, it lacks high-privilege capabilities such as shell access or file system modification, rendering the risk of model-based injection negligible.
Audit Metadata