The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The execute_blender_code tool allows the execution of arbitrary Python scripts within the Blender process. This provides a direct path for the agent to execute unvetted code on the host machine where Blender is running.- [EXTERNAL_DOWNLOADS]: The documentation instructs users to download a Python script (addon.py) from a third-party GitHub repository (github.com/ahujasid/blender-mcp) and install it as an extension. This introduces a supply chain risk as the content of the script is not hosted by a trusted vendor.- [COMMAND_EXECUTION]: The skill uses uvx blender-mcp to launch the MCP server, which dynamically downloads and executes unversioned code from a public registry at runtime, potentially leading to the execution of malicious updates.- [PROMPT_INJECTION]: The skill processes untrusted network discovery data (CDP/LLDP) from network devices without explicit sanitization or boundary markers. This data enters the agent context via the pyats-run or suzieq-show integration and could contain malicious instructions designed to exploit the arbitrary code execution capability of the Blender tool.

blender-3d-viz