blender-scripting
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent on how to execute the Blender binary headlessly using flags such as
--backgroundand--python. This is the standard method for running automated scripts in a 3D pipeline and does not involve unauthorized command execution. - [DATA_EXPOSURE_AND_EXFILTRATION]: The provided code snippets demonstrate reading and writing 3D asset files (.blend, .obj, .fbx, .glb) on the local filesystem. These operations are restricted to project-specific directories (e.g.,
/tmp/exports) and do not target sensitive system files or attempt to transmit data over the network. - [INDIRECT_PROMPT_INJECTION]: The skill contains an attack surface for indirect prompt injection because it iterates through and prints object names and metadata from external .blend files. A maliciously crafted 3D file could contain instruction-like strings that an agent might erroneously follow if it processes the terminal output without sanitization.
- Ingestion points: The skill uses
bpy.ops.wm.open_mainfileto load external data andbpy.data.objectsto read object properties. - Boundary markers: No explicit delimiters or instruction-bypass warnings are used in the example templates.
- Capability inventory: The skill possesses filesystem write capabilities (
os.makedirs,bpy.ops.wm.save_as_mainfile) and external process execution (Blender CLI). - Sanitization: There is no evidence of sanitization or filtering for data read from the files before it is printed to the standard output.
Audit Metadata