scientific-slides
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
subprocess.runto execute internal scripts and system tools. Specifically,scripts/validate_presentation.pyinvokespdflatexfor document compilation, whilescripts/generate_schematic.pyandscripts/generate_slide_image.pywrap calls to secondary AI generation scripts. - [EXTERNAL_DOWNLOADS]: The skill makes network requests to
openrouter.ai(a well-known service) to generate images and schematics based on user descriptions. This is the intended primary function of the skill. - [CREDENTIALS_UNSAFE]: Documentation provides instructions for managing an
OPENROUTER_API_KEY. It correctly recommends using environment variables and provides safe placeholders (e.g., "your_api_key_here") in examples, following secure coding practices. - [PROMPT_INJECTION]: Indirect injection risk exists as the skill ingests and processes untrusted data from user-supplied PDF and PowerPoint files (in
scripts/pdf_to_images.pyandscripts/validate_presentation.py). While these files are processed using standard libraries (PyMuPDF,python-pptx,PyPDF2), the absence of specific sanitization or boundary markers on document content means instructions embedded in a processed presentation could theoretically target the agent, though the associated capabilities are localized to conversion and validation tasks. - Ingestion points:
scripts/pdf_to_images.py,scripts/validate_presentation.py(user-supplied PDF and PPTX files). - Boundary markers: None identified for processed document content.
- Capability inventory:
subprocess.run(shell command execution) inscripts/validate_presentation.pyandscripts/generate_schematic.py. - Sanitization: Standard libraries are used for file parsing, but no custom sanitization for embedded natural language instructions is present.
Audit Metadata