scientific-writing
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/generate_schematic.py` uses `subprocess.run` to execute an internal Python script (`scripts/generate_schematic_ai.py`). The implementation uses a list of arguments and omits the `shell=True` parameter, which prevents shell injection vulnerabilities.
- [EXTERNAL_DOWNLOADS]: The skill's image and schematic generation scripts (`scripts/generate_image.py` and `scripts/generate_schematic_ai.py`) communicate with the OpenRouter API (openrouter.ai). OpenRouter is a well-known service for accessing AI models, and these operations are essential for the skill's stated purpose of providing visual enhancements to scientific documents.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it ingests data from external research sources (via `research-lookup`) and incorporates user input into prompts for image generation. However, this is a common architectural pattern for such tools. Evidence details:
  - Ingestion points: Research data from the `research-lookup` skill and user-defined schematic descriptions.
  - Boundary markers: Absent in the `SKILL.md` instructions.
  - Capability inventory: Network requests to AI model providers and file system writes for outputting images.
  - Sanitization: No explicit sanitization is performed on input strings beyond the standard safe argument handling of `subprocess.run`.
Audit Metadata