blender-impl-addons

Warn

Audited by Snyk on Mar 31, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill explicitly includes network-fetching code (e.g., "Network Access" section and "Example 5: Asset Downloader" — downloader.py in references/examples.md) that calls urllib.request.urlopen or requests.get on arbitrary URLs and returns/uses the fetched content as part of the extension workflow, so it clearly ingests untrusted third-party content that can influence behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (low risk: 0.30). The prompt includes commands that modify the host (e.g., "sudo snap install blender", installing/building and writing extensions, and running install-file), so it encourages state-changing operations, but it does not instruct the agent to escalate privileges, bypass security mechanisms, modify system config files, or create user accounts, so the risk is moderate-low.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W013 (MEDIUM): Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 31, 2026, 06:20 AM
Issues: 2