threejs-aaa-graphics-builder
Pass
Audited by Gen Agent Trust Hub on Jul 9, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill instructs the agent to 'capture or inspect active desktop/mobile screenshots' for visual scoring purposes. While this is the intended functionality for art critique, it involves the ingestion of potentially sensitive information from the user's active environment into the agent's context.
- [DATA_EXFILTRATION]: Instructions include running a 'director credential probe' to verify API key availability for external asset generators. The agent is directed to report the 'SET/MISSING' status; while this is a standard status check, users should ensure the underlying tool does not expose actual secrets in its output.
- [PROMPT_INJECTION]: The skill processes screenshots, which are untrusted external data inputs. Because the agent is also instructed to modify or create project source files (e.g., in
src/assets/andsrc/systems/), this creates an indirect prompt injection surface where visual content could influence code generation. - Ingestion points: Desktop and mobile screenshots (referenced in SKILL.md and references/visual-scorecard.md).
- Boundary markers: No specific delimiters or 'ignore instructions' warnings are mentioned for the visual processing phase.
- Capability inventory: The skill has the capability to write and modify files throughout the project structure (referenced in references/implementation-blueprint.md).
- Sanitization: There are no documented sanitization or validation steps for the content derived from screenshots.
Audit Metadata