threejs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill’s examples and loaders (e.g., GLTFLoader.load('model.glb'), TextureLoader.load('texture.jpg'), RGBELoader.load('environment.hdr') and the DRACOLoader decoder URL in references/threejs-loaders.md and the main code examples) explicitly fetch and parse assets from arbitrary URLs, so the agent/runtime would ingest untrusted third-party (potentially user-provided) content as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill calls dracoLoader.setDecoderPath('https://www.gstatic.com/draco/versioned/decoders/1.5.6/'), which at runtime causes the loader to fetch and execute remote decoder code (JS/WASM) required for Draco-compressed GLTF decoding.