blender-mcp
Fail
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses
curlto download a Python script (addon.py) from a third-party GitHub repository (ahujasid/blender-mcp) that is not associated with a verified or trusted vendor. - [REMOTE_CODE_EXECUTION]: By instructing the user to download and install an external script for execution within Blender, the skill bypasses standard package verification and establishes a path for running remote, unverified code.
- [COMMAND_EXECUTION]: The core functionality includes an
execute_codecommand that runs arbitrary Python (bpy) code in the host's Blender environment. This provides complete control over the local process without apparent safety restrictions. - [INDIRECT_PROMPT_INJECTION]:
- Ingestion points: The
execute_codecommand inSKILL.mdaccepts arbitrary string input to be executed as Python. - Boundary markers: Absent. There are no instructions to the agent to treat input as untrusted or to wrap it in specific delimiters.
- Capability inventory: Arbitrary Python execution within the Blender process context.
- Sanitization: Absent. The skill provides no validation or sanitization of the Python code provided to the
blender_exechelper function.
Recommendations
- AI detected serious security threats
Audit Metadata