speckle-impl-blender
Warn
Audited by Snyk on May 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's required "Load from Model" workflow (references/methods.md and SKILL.md) explicitly fetches Speckle project/model content from a Speckle server via a project/model URL or selection, and converts that user-generated/untrusted model and its material/property data into Blender objects—content that the connector must parse and which directly determines object creation and material/instancing behavior.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata