blockbench-pbr-materials
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes external configuration files which could contain malicious instructions designed to influence the agent's behavior.\n
- Ingestion points: The
import_texture_settool ingests external data fromtexture_set.jsonfiles via user-specified paths.\n - Boundary markers: There are no specified delimiters or 'ignore' instructions for the content of the imported files.\n
- Capability inventory: The skill has file-writing capabilities through the
save_material_configtool, which can be used to persist changes to the local filesystem.\n - Sanitization: No validation or sanitization logic for the imported JSON data is defined in the skill documentation.\n- [Data Exposure & Exfiltration] (SAFE): Although the skill provides tools to read and write files (
import_texture_set,save_material_config), these are restricted to the intended purpose of managing PBR material configurations and do not show patterns of targeting sensitive system credentials or exfiltrating data to external domains.
Audit Metadata