blender-mcp

Fail

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses curl to download a Python script (addon.py) from a third-party GitHub repository (ahujasid/blender-mcp) that is not associated with a verified or trusted vendor.
  • [REMOTE_CODE_EXECUTION]: By instructing the user to download and install an external script for execution within Blender, the skill bypasses standard package verification and establishes a path for running remote, unverified code.
  • [COMMAND_EXECUTION]: The core functionality includes an execute_code command that runs arbitrary Python (bpy) code in the host's Blender environment. This provides complete control over the local process without apparent safety restrictions.
  • [INDIRECT_PROMPT_INJECTION]:
  • Ingestion points: The execute_code command in SKILL.md accepts arbitrary string input to be executed as Python.
  • Boundary markers: Absent. There are no instructions to the agent to treat input as untrusted or to wrap it in specific delimiters.
  • Capability inventory: Arbitrary Python execution within the Blender process context.
  • Sanitization: Absent. The skill provides no validation or sanitization of the Python code provided to the blender_exec helper function.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 16, 2026, 01:44 PM
Security Audit — agent-trust-hub — blender-mcp