blender
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The documentation suggests an MCP server integration using the command `npx -y @ahujasid/blender-mcp`. This involves downloading and executing code from an unverified third-party developer on the NPM registry.
- [REMOTE_CODE_EXECUTION]: The skill facilitates the execution of arbitrary Python code within the Blender process using flags such as `--python` and `--python-expr`, as well as a dedicated `blender_execute_script` tool. This creates a significant surface for executing dynamically generated code.
- [COMMAND_EXECUTION]: The skill relies on executing the `blender` binary via shell commands for rendering, scene management, and batch processing.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its ingestion of external script data and 3D model files.
  - Ingestion points: Scripts processed by the `blender_execute_script` tool and model files loaded via `blender_import_model`.
  - Boundary markers: No delimiters or instructions to ignore embedded commands are present in the provided templates.
  - Capability inventory: The skill has access to the `bpy` API and system modules like `os` and `glob` for file operations.
  - Sanitization: There is no evidence of input validation or script sanitization before execution.
Audit Metadata