blender-interactive
Warn
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: MEDIUM
Tags: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The `blender_socket_addon.py` file contains an `execute_code` handler that calls the Python `exec()` function on arbitrary code strings received over a TCP socket connection. Although this is a documented feature of the skill, intended to allow complex scene manipulations, it is a significant security risk if the socket is reachable by anything other than a trusted client: whoever can connect can run arbitrary Python inside the Blender process.
- [COMMAND_EXECUTION]: The skill instructions in `SKILL.md` frequently use the `nodes.run` tool to execute shell commands and Python scripts on the target system. This includes starting the Blender socket server and running client scripts that interact with external APIs.
- [EXTERNAL_DOWNLOADS]: The `polyhaven.py` and `sketchfab.py` scripts download 3D models, textures, and HDRI files from the official Poly Haven (api.polyhaven.com) and Sketchfab (api.sketchfab.com) APIs. These are recognized, well-known services for 3D assets, and the downloads are documented for their primary purpose.
- [DYNAMIC_EXECUTION]: In `blender_socket_addon.py`, the skill implements a custom command routing system in which the `execute_code` function dynamically executes Python code at runtime. This pattern is flagged as a dynamic execution risk because it turns data received over the network into executable instructions.
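The following is an added example, not code from the blender-interactive skill or its audit. It models the pattern the REMOTE_CODE_EXECUTION and DYNAMIC_EXECUTION findings describe (a TCP server that routes JSON commands, one of which hands a string to `exec()`) and shows the controls a reviewer would look for around such a handler: the listener bound to loopback rather than all interfaces, a message size cap, an allowlist of command types, and `execute_code` permitted only from a loopback peer that presents a shared token. The function names (`route_command`, `serve_once`, `send_command`), the message schema and the sample commands are assumptions made for this illustration.

```python
import hmac
import json
import socket
import threading
from typing import Optional, Tuple

# Added illustration of the audited pattern; not the addon's own code.
MAX_MESSAGE_BYTES = 64 * 1024
LOOPBACK = {"127.0.0.1", "::1"}


def execute_code_unsafe(params: dict) -> dict:
    """The risky handler: network-supplied text becomes executable code.
    The fresh namespace is NOT a sandbox; exec() here is full RCE by design."""
    ns: dict = {}
    exec(params["code"], {}, ns)
    return {"status": "ok", "result": ns.get("result")}


def get_scene_info(params: dict) -> dict:
    """A benign allowlisted command: fixed behaviour, no code taken from the wire."""
    return {"status": "ok", "objects": ["Camera", "Light", "Cube"]}  # constructed sample


HANDLERS = {"get_scene_info": get_scene_info, "execute_code": execute_code_unsafe}


def route_command(raw: bytes, peer: tuple, token: Optional[str] = None) -> dict:
    """Hardened dispatch: size cap, schema check, command allowlist, and
    execute_code only from a loopback peer presenting the configured token."""
    if len(raw) > MAX_MESSAGE_BYTES:
        return {"status": "error", "message": "message too large"}
    try:
        msg = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError):
        return {"status": "error", "message": "malformed message"}
    if not isinstance(msg, dict) or not isinstance(msg.get("type"), str):
        return {"status": "error", "message": "missing command type"}
    handler = HANDLERS.get(msg["type"])
    if handler is None:
        return {"status": "error", "message": "unknown command %r" % msg["type"]}
    params = msg.get("params") or {}
    if not isinstance(params, dict):
        return {"status": "error", "message": "params must be an object"}
    if msg["type"] == "execute_code":
        if peer[0] not in LOOPBACK:
            return {"status": "error", "message": "execute_code only permitted from loopback"}
        presented = msg.get("token")
        # No configured token means the dangerous command is disabled outright.
        if token is None or not isinstance(presented, str) or not hmac.compare_digest(presented, token):
            return {"status": "error", "message": "execute_code requires a valid token"}
        if not isinstance(params.get("code"), str):
            return {"status": "error", "message": "code must be a string"}
    try:
        return handler(params)
    except Exception as exc:  # a bad command must not kill the server loop
        return {"status": "error", "message": "%s: %s" % (type(exc).__name__, exc)}


def serve_once(token: Optional[str], host: str = "127.0.0.1") -> Tuple[str, int, threading.Thread]:
    """Bind to loopback only (never 0.0.0.0) on an ephemeral port and answer one
    newline-terminated request in a background thread."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def run() -> None:
        srv.settimeout(5)
        try:
            conn, peer = srv.accept()
        except socket.timeout:
            srv.close()
            return
        with conn, srv:
            conn.settimeout(5)
            buf = b""
            while not buf.endswith(b"\n") and len(buf) <= MAX_MESSAGE_BYTES:
                chunk = conn.recv(4096)
                if not chunk:
                    break
                buf += chunk
            reply = route_command(buf.rstrip(b"\n"), peer, token)
            conn.sendall(json.dumps(reply).encode() + b"\n")

    t = threading.Thread(target=run, daemon=True)
    t.start()
    return host, port, t


def send_command(host: str, port: int, msg: dict) -> dict:
    """Minimal client for the demonstration: one JSON line out, one JSON line back."""
    with socket.create_connection((host, port), timeout=5) as c:
        c.sendall(json.dumps(msg).encode() + b"\n")
        data = b""
        while not data.endswith(b"\n"):
            chunk = c.recv(4096)
            if not chunk:
                break
            data += chunk
    return json.loads(data)


if __name__ == "__main__":
    host, port, t = serve_once("s3cret")
    print(send_command(host, port, {"type": "execute_code", "token": "s3cret",
                                    "params": {"code": "result = 6 * 7"}}))
    t.join()
```

The loopback bind and token check limit who can reach `execute_code`; they do not limit what it can do. Anyone holding the token, or any local process that can connect to the port, still gets arbitrary Python in the Blender process, which is why the audit classifies the handler as remote code execution even though the feature is documented.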
Audit Metadata