openrouter-generations
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill makes network requests to
openrouter.ai(an official domain of a well-known service) to retrieve metadata and content for specific generation IDs. This behavior is consistent with the skill's stated purpose. - [CREDENTIALS_UNSAFE]: The skill requires an OpenRouter API key but does not include any hardcoded secrets. It correctly utilizes environment variables (
OPENROUTER_API_KEY) or explicit command-line flags for credential management. - [INDIRECT_PROMPT_INJECTION]: The skill exposes a potential attack surface by retrieving and displaying raw prompt and completion content from an external API.
- Ingestion points: Data is ingested in
get-generation-content.tsvia the/api/v1/generation/contentendpoint. - Boundary markers: Output is separated by clear visual markers such as
=== INPUT ===and=== OUTPUT ===. - Capability inventory: The skill's scripts are restricted to network communication with OpenRouter; they do not perform file system writes or execute shell commands based on the retrieved data.
- Sanitization: The skill prints retrieved content directly to the console without sanitization, which is expected for a debugging and inspection tool.
Audit Metadata