blockbench-mcp

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • Unverifiable Dependencies & Remote Code Execution (MEDIUM): The installation process clones code from an unverified GitHub repository (enfp-dev-studio/blockbench-mcp) and runs 'pnpm install' and 'pnpm build'. Both steps can execute arbitrary code: 'pnpm install' runs the lifecycle scripts (preinstall, install, postinstall, prepare) declared by the project and by each of its dependencies, and 'pnpm build' runs whatever build script the repository defines. Nothing in the skill pins the clone to a reviewed commit or checks what will be executed.
  • Dynamic Execution (MEDIUM): The skill configures the agent to run a Node.js script that is the build output of that untrusted source, so the built code runs with the agent's privileges every time the skill is used.
  • Privilege Escalation (LOW): The skill recommends installing a package manager globally, which may require administrative access.
  • Indirect Prompt Injection (LOW): The skill allows the agent to process 3D models, which are untrusted data. Ingestion points: Blockbench project data via mcp-server (SKILL.md). Boundary markers: none. Capability inventory: creating and modifying 3D model elements. Sanitization: none documented.
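The first finding above boils down to a question a practitioner can answer before typing 'pnpm install': what would the install and build steps actually execute? The following is an added example, not code from the audit or from the blockbench-mcp project. It inspects a cloned checkout for the npm lifecycle scripts that a bare 'pnpm install' runs, for a pnpm hook file ('.pnpmfile.cjs', which pnpm loads as JavaScript during install), for a project '.npmrc' that redirects the package registry, and for the 'build' script that 'pnpm build' would run. The repository layout in 'demo()' is constructed for the example and does not describe the real repository.

```python
"""Pre-install audit of a cloned Node.js checkout: report what `pnpm install`
and `pnpm build` would execute, without running any of it.

Added example; not code from the blockbench-mcp project or from the audit.
The repository layout in demo() is constructed for illustration."""
import json
import tempfile
from pathlib import Path

# npm lifecycle scripts that a bare `pnpm install` runs automatically for the
# project being installed. Dependencies' own hooks run too unless
# `pnpm install --ignore-scripts` is used.
INSTALL_LIFECYCLE = ("preinstall", "install", "postinstall", "prepare")
# pnpm loads this file as JavaScript during dependency resolution, so its
# presence alone means repository code runs at install time.
PNPMFILE_NAMES = (".pnpmfile.cjs", "pnpmfile.js")
DEFAULT_REGISTRY = "https://registry.npmjs.org"


def audit_checkout(repo_dir):
    """Return a dict of install-time and build-time execution points in repo_dir."""
    repo = Path(repo_dir)
    report = {"lifecycle_scripts": {}, "build_script": None,
              "pnpmfile": None, "custom_registry": None, "risk": "none"}

    pkg = repo / "package.json"
    if pkg.is_file():
        scripts = json.loads(pkg.read_text(encoding="utf-8")).get("scripts", {})
        report["lifecycle_scripts"] = {
            name: cmd for name, cmd in scripts.items() if name in INSTALL_LIFECYCLE}
        report["build_script"] = scripts.get("build")

    for name in PNPMFILE_NAMES:
        if (repo / name).is_file():
            report["pnpmfile"] = name
            break

    # A project-level .npmrc can point `pnpm install` at a different registry,
    # which changes where every dependency (and its hooks) comes from.
    npmrc = repo / ".npmrc"
    if npmrc.is_file():
        for line in npmrc.read_text(encoding="utf-8").splitlines():
            key, _, value = line.strip().partition("=")
            if key.strip() == "registry" and value.strip().rstrip("/") != DEFAULT_REGISTRY:
                report["custom_registry"] = value.strip()

    if report["lifecycle_scripts"] or report["pnpmfile"] or report["custom_registry"]:
        report["risk"] = "install-time code execution"
    elif report["build_script"]:
        report["risk"] = "build-time code execution"
    return report


def demo():
    """Audit a constructed checkout shaped like a typical TypeScript MCP server."""
    with tempfile.TemporaryDirectory() as tmp:
        repo = Path(tmp)
        (repo / "package.json").write_text(json.dumps({
            "name": "example-mcp",  # constructed name, not the real package
            "scripts": {
                "postinstall": "node scripts/setup.js",  # runs on `pnpm install`
                "build": "tsc -p tsconfig.json",         # runs on `pnpm build`
                "start": "node dist/index.js",           # what the agent later runs
            },
        }), encoding="utf-8")
        (repo / ".pnpmfile.cjs").write_text("module.exports = { hooks: {} };\n",
                                            encoding="utf-8")
        return audit_checkout(repo)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run it against the checkout before installing; anything reported under lifecycle_scripts or pnpmfile is code that will run on the install host. If the scripts are not needed, 'pnpm install --ignore-scripts' suppresses the project's and the dependencies' install hooks, and pinning the clone to a reviewed commit hash instead of a branch head keeps the audited tree from changing underneath you.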
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:34 PM