citation-management

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). Yes — the generate_schematic_ai.py script calls the OpenRouter API at runtime (https://openrouter.ai/api/v1/chat/completions and related openrouter.ai endpoints, with an OPENROUTER_API_KEY) to invoke remote models (Gemini) whose execution directly produces/controls the skill's outputs, and the script fails without that external service.