Skills
skills/roble3/cc-blender-skill/blender-materials/Gen Agent Trust Hub

blender-materials

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the mcp__blender__execute_blender_code tool to run dynamically generated Python scripts based on provided material recipes. This allows the agent to automate the creation of PBR shaders using the bpy module.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection attack surface because it interpolates untrusted user data into executable scripts.
  • Ingestion points: The skill expects the agent to replace the GEO-target placeholder with object names provided by the user in the prompt.
  • Boundary markers: There are no delimiters or warnings to ignore instructions embedded in the object names.
  • Capability inventory: The skill has the capability to execute arbitrary Python code via mcp__blender__execute_blender_code and perform shell operations via Bash.
  • Sanitization: No sanitization or escaping logic is included to prevent object names from breaking out of string literals to execute arbitrary code.
  • [EXTERNAL_DOWNLOADS]: The skill documentation includes a link to physicallybased.info, which is a well-known service providing reference values for physically-based materials. This reference is used neutrally for look-development purposes.
Audit Metadata
Risk Level
SAFE
Analyzed
May 12, 2026, 08:28 PM
Security Audit — agent-trust-hub — blender-materials