The Agent Skills Directory

[COMMAND_EXECUTION]: The wrapper script scripts/generate_schematic.py uses subprocess.run to call the core generation logic. This execution is implemented safely by passing arguments as a list rather than a single string, which effectively prevents command injection vulnerabilities. Manual review of the static analyzer hint confirms the usage is benign.\n- [EXTERNAL_DOWNLOADS]: The skill communicates with the OpenRouter API (openrouter.ai) to generate and review scientific images. These network operations are essential for the skill's primary function and target a well-known service endpoint.\n- [CREDENTIALS_UNSAFE]: The skill requires an OPENROUTER_API_KEY. The implementation and accompanying documentation correctly instruct the user to provide this via environment variables or a .env file, which is the standard and recommended practice for secret management in developer tools.\n- [SAFE]: A thorough review of all scripts and reference documentation revealed no evidence of prompt injection, data exfiltration, obfuscation, or persistence mechanisms. The use of Base64 is restricted to legitimate image processing tasks.

scientific-schematics