threejs-ops
Pass
Audited by Gen Agent Trust Hub on Jul 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill provides legitimate educational content and project scaffolding for 3D web development. Analysis of the scripts and instructions reveals no attempts at prompt injection, data exfiltration, or obfuscation.\n- [EXTERNAL_DOWNLOADS]: The skill references assets and utility decoders from trusted and well-known sources.\n
- Evidence: Downloads DRACO decoders from Google's GStatic (www.gstatic.com) and core libraries from JSDelivr (cdn.jsdelivr.net).\n
- Evidence: The maintenance script 'scripts/check-three-facts.py' connects to the public NPM registry (registry.npmjs.org) to verify package status.\n- [COMMAND_EXECUTION]: Includes utility scripts designed for developer maintenance and automated testing.\n
- Evidence: 'scripts/check-three-facts.py' performs network probes to check for dependency drift.\n
- Evidence: 'tests/run.sh' executes local validation checks, including file existence, frontmatter integrity, and script functionality.
Audit Metadata