blender-web-pipeline
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes Python scripts and shell commands designed to automate Blender via its command-line interface. These scripts perform file system operations, such as directory creation and file reading/writing, to facilitate batch processing and model optimization.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it is designed to ingest and process untrusted external data in the form of Blender .blend files.
- Ingestion points: Scripts like 'batch_export.py' and documentation in 'SKILL.md' describe workflows that read .blend files from user-specified directories.
- Boundary markers: There are no explicit markers or instructions within the scripts to handle or ignore potentially malicious embedded scripts or metadata within the processed files.
- Capability inventory: The skill has the capability to execute Blender operations (via 'bpy'), manage the filesystem (via 'os'), and run shell commands as part of the automation pipeline.
- Sanitization: The provided scripts do not perform validation or sanitization of input file paths or the contents of the 3D models being processed.
Audit Metadata