text-to-blender

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly instructs the orchestrator to fetch and ingest public third-party content — e.g., SKILL.md and references/common-object-dimensions.md tell the agent to use mcp__blender__download_polyhaven_asset and download_sketchfab_model and to "look up the real-world dimensions from a credible source (dimensions.com, Wikipedia, manufacturer specs)" before generating code — which are untrusted/user-generated sources that the agent must read and which can materially change its actions.