scientific-writing

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/generate_schematic.py uses subprocess.run to execute an internal companion script (generate_schematic_ai.py). This execution is implemented safely using a list of arguments rather than a shell string, which avoids command injection vulnerabilities.
  • [SAFE]: The skill interacts with the OpenRouter API (openrouter.ai), which is a well-known service for accessing various large language and image generation models. Network requests are performed solely to generate figures and diagrams based on user-provided descriptions.
  • [SAFE]: API key management follows security best practices; the scripts retrieve the OPENROUTER_API_KEY from environment variables or local .env files rather than storing credentials in the code.
  • [SAFE]: Analysis of the skill's instructions and logic found no evidence of prompt injection, unauthorized data access, or malicious persistence mechanisms. All behaviors, including the use of Base64 encoding for image data handling, are consistent with the tool's intended scientific writing purpose.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 14, 2026, 09:23 AM
Security Audit — agent-trust-hub — scientific-writing