threejs-loaders

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill shows multiple runtime asset-loading paths that fetch and parse arbitrary external URLs (e.g., GLTFLoader.load("model.glb"), TextureLoader.load("texture.jpg"), fetch(...)/arrayBuffer parsing, manager.setURLModifier, and remote decoder paths like gstatic/jsdelivr), and it directly reads/interprets loaded GLTF content (including gltf.userData), so it consumes untrusted third‑party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill sets decoder/transcoder paths to remote resources (https://www.gstatic.com/draco/versioned/decoders/1.5.6/ and https://cdn.jsdelivr.net/npm/three@0.160.0/examples/jsm/libs/basis/), which are fetched at runtime to load/execute decoder code (WASM/JS) required for DRACO/KTX2 decompression, so these URLs supply remote executable components the skill relies on.