threejs-ops

Pass

Audited by Gen Agent Trust Hub on Jul 4, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [SAFE]: The skill provides legitimate educational content and project scaffolding for 3D web development. Analysis of the scripts and instructions reveals no attempts at prompt injection, data exfiltration, or obfuscation.\n- [EXTERNAL_DOWNLOADS]: The skill references assets and utility decoders from trusted and well-known sources.\n
  • Evidence: Downloads DRACO decoders from Google's GStatic (www.gstatic.com) and core libraries from JSDelivr (cdn.jsdelivr.net).\n
  • Evidence: The maintenance script 'scripts/check-three-facts.py' connects to the public NPM registry (registry.npmjs.org) to verify package status.\n- [COMMAND_EXECUTION]: Includes utility scripts designed for developer maintenance and automated testing.\n
  • Evidence: 'scripts/check-three-facts.py' performs network probes to check for dependency drift.\n
  • Evidence: 'tests/run.sh' executes local validation checks, including file existence, frontmatter integrity, and script functionality.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 4, 2026, 07:00 PM
Security Audit — agent-trust-hub — threejs-ops