peer-review

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill makes runtime API calls to OpenRouter (e.g., https://openrouter.ai/api/v1 and links to https://openrouter.ai/keys) to generate images and to get review critiques whose content is parsed and used to modify prompts and drive iterative regeneration, and the OPENROUTER_API_KEY is required—so remote responses directly control prompts and are a required runtime dependency.

MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

• Hidden Unicode characters detected (1 type(s) found)