threejs-loaders

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md shows runtime loading and parsing of arbitrary external assets (e.g., loader.load("model.glb"), fetch("model.glb")/arrayBuffer, manager.setURLModifier(...) and external CDN paths like the DRACOLoader decoder), and it explicitly reads/uses gltf.userData and traverses model nodes to change scene behavior, so untrusted third‑party content could influence the agent's actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill configures runtime decoder/transcoder paths that will fetch and execute third-party decoder code required to decode compressed assets — e.g. https://www.gstatic.com/draco/versioned/decoders/1.5.6/ (DRACOLoader.setDecoderPath) and https://cdn.jsdelivr.net/npm/three@0.160.0/examples/jsm/libs/basis/ (KTX2Loader.setTranscoderPath) — so remote code is fetched and executed at runtime as a required dependency for DRACO/KTX2 decoding.