threejs-textures

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill loads arbitrary external assets (e.g., THREE.TextureLoader.load("texture.jpg"), THREE.CubeTextureLoader.load([...]), RGBELoader.load("environment.hdr"), EXRLoader.load("environment.exr"), video.src = "video.mp4", and the TexturePool.get(url) that calls loader.load(url)) which clearly fetches and ingests untrusted third‑party content (images/videos/HDRs) as part of its runtime workflow.