meshyai
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands and Node.js to manage environment variables, verify the existence of local configuration files, and execute asset generation scripts.- [EXTERNAL_DOWNLOADS]: Fetches 3D model assets from the Meshy AI platform (assets.meshy.ai) and uses the npx package runner to download the @gltf-transform/cli utility for mesh optimization.- [REMOTE_CODE_EXECUTION]: Employs npx to dynamically load and execute the @gltf-transform/cli package, which is a standard utility for processing 3D files.- [CREDENTIALS_UNSAFE]: Manages the MESHY_API_KEY by instructing the agent to read from or write to a local .env file, consistent with standard secret management practices for local development environments.- [PROMPT_INJECTION]: The skill ingests user-provided text prompts to generate 3D models. While this presents an indirect injection surface, the instructions focus on providing these strings as parameters to a specialized generation script.
Audit Metadata