tresjs-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references standard, well-known packages from the npm registry (@tresjs/core, three, @tresjs/cientos). These are the official and expected dependencies for the library described.
- [PROMPT_INJECTION] (SAFE): No patterns of prompt injection, role-play overrides, or instructions to bypass safety guidelines were found in the markdown or metadata.
- [DATA_EXFILTRATION] (SAFE): No hardcoded credentials, API keys, or access to sensitive system file paths were detected. Network activities are restricted to standard documentation links and asset loading typical for 3D applications.
- [COMMAND_EXECUTION] (SAFE): Code snippets contain standard package manager commands (npm install) and Vite configuration patterns. No suspicious shell execution or privilege escalation attempts (like sudo) are present.
- [REMOTE_CODE_EXECUTION] (SAFE): No patterns for piped remote script execution (e.g., curl | bash) or dynamic code evaluation from untrusted sources were identified.
Audit Metadata