threejs-loaders

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill demonstrates loading and parsing assets from arbitrary URLs (e.g., loader.load("model.glb"), textureLoader.load("texture.jpg"), fetch("model.glb"), manager.setURLModifier(...)) and even reads gltf.asset and gltf.userData, so it clearly ingests untrusted/public third-party content (including CDN paths like the DRACO and KTX2 URLs) that the agent would read/interpret.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill sets decoder/transcoder paths to remote resources (https://www.gstatic.com/draco/versioned/decoders/1.5.6/ and https://cdn.jsdelivr.net/npm/three@0.160.0/examples/jsm/libs/basis/), which are fetched at runtime to load/execute decoder code (WASM/JS) required for DRACO/KTX2 decompression, so these URLs supply remote executable components the skill relies on.