blender-interactive

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). High-risk: the skill intentionally exposes an unauthenticated JSON-over-TCP control channel with an "execute_code" handler that provides arbitrary Python execution, can be bound to non‑local interfaces, and includes startup scripts/systemd instructions—creating a straightforward backdoor/RCE vector usable for data exfiltration, credential theft, and persistent remote compromise.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill clearly fetches and ingests public, user-provided assets and metadata from third-party APIs (scripts/polyhaven.py calls https://api.polyhaven.com and scripts/sketchfab.py calls https://api.sketchfab.com), and the SKILL.md workflows show the agent searching/downloading those assets and reading their metadata/files to drive Blender import/apply steps — meaning untrusted external content is read and can influence subsequent tool actions.