touchdesigner-mcp

Warn

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The td_execute_python tool allows the execution of arbitrary Python code within the TouchDesigner environment, which provides unrestricted access to the application's resources and the host filesystem under the user's permissions.
  • [COMMAND_EXECUTION]: The td_input_execute tool allows simulating global mouse and keyboard events. Additionally, the setup.sh script executes shell-based logic to programmatically update the Hermes configuration file.
  • [EXTERNAL_DOWNLOADS]: The setup.sh script downloads a required TouchDesigner component (twozero.tox) from an external domain (404zero.com) via curl.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing data from an external environment.
      • Ingestion points: Tools such as td_read_dat, td_read_textport, and td_get_errors ingest arbitrary text and logs from TouchDesigner nodes.
      • Boundary markers: None. The skill does not implement delimiters to separate external data from system instructions.
      • Capability inventory: The agent has access to powerful tools like td_execute_python, td_write_dat, and td_input_execute.
      • Sanitization: None. Data ingested from operators is not sanitized or filtered before being presented to the agent.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 16, 2026, 01:45 PM