blender-pipeline
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download official Blender binaries from 'download.blender.org', which is the authoritative distribution domain for the Blender Foundation.
- [COMMAND_EXECUTION]: Instructions include standard software installation commands using 'sudo snap' and 'sudo apt', as well as administrative tasks such as symlinking binaries and modifying the shell environment via '.bashrc'.
- [DATA_EXFILTRATION]: The documentation suggests using 'python3 -m http.server' for local file transfers between nodes. While common in development workflows, this command exposes the contents of the current working directory to the network.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests external 3D files (FBX, OBJ, glTF) via scripts like 'convert_format.py' and 'render_sprite_sheet.py'. These files are processed by Blender's internal parsers without specific sanitization markers, though this is typical for 3D processing pipelines.
Audit Metadata