pptx-posters

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses Python scripts to automate diagram generation. These scripts utilize the subprocess.run function with argument lists to invoke child processes. This implementation avoids the use of shell=True, effectively mitigating common command injection risks. The commands are limited to coordinating the skill's internal scripts.
  • [EXTERNAL_DOWNLOADS]: The skill communicates with the OpenRouter API (openrouter.ai) to generate and review scientific schematics. This is a well-known service, and the data exchanged is restricted to the specific prompts and images required for poster creation. No unauthorized external downloads or connections were identified.
  • [CREDENTIALS_UNSAFE]: The skill requires an API key for its AI features but correctly instructs users to manage this via the OPENROUTER_API_KEY environment variable or a .env file. There are no hardcoded credentials or secrets within the provided scripts or templates.
  • [SAFE]: The skill was evaluated against all ten threat categories, including prompt injection, data exfiltration, and obfuscation. The analysis confirms that the skill is safe for its intended use, with no detected malicious intent or security weaknesses.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 14, 2026, 09:23 AM