blender-mcp
Warn
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The setup instructions require the user to download a Python script (addon.py) from an external GitHub repository (ahujasid/blender-mcp) that is not affiliated with the skill's author or a trusted organization.
- [REMOTE_CODE_EXECUTION]: The skill's core functionality is to execute arbitrary Python code (bpy) within a running Blender instance via a TCP socket, which could be leveraged to run malicious code if the agent is manipulated.
- [COMMAND_EXECUTION]: The execute_code command provides a mechanism for running unrestricted Blender Python commands, which can interact with the host's file system and network resources.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes code strings for the execute_code tool without implementing sanitization, validation, or boundary markers. (Ingestion points: execute_code parameter in SKILL.md; Boundary markers: Absent; Capability inventory: Arbitrary Python execution in Blender with file system and network access; Sanitization: Absent)
Audit Metadata