scientific-schematics
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- COMMAND_EXECUTION (SAFE): The wrapper script `scripts/generate_schematic.py` utilizes `subprocess.run` with a list of arguments rather than a shell string, which effectively mitigates the risk of command injection from user-provided prompts.
- CREDENTIALS_UNSAFE (SAFE): API keys for OpenRouter are managed through environment variables or explicit CLI flags. No hardcoded credentials or secrets were found; the documentation uses standard placeholder formats.
- EXTERNAL_DOWNLOADS (SAFE): The skill identifies a dependency on the `requests` library, which is a standard and trusted package in the Python ecosystem.
- DATA_EXFILTRATION (SAFE): The script does not access sensitive local file paths (such as SSH keys or AWS credentials) and only communicates with the designated OpenRouter API endpoint.
- PROMPT_INJECTION (SAFE): Although the skill takes natural language descriptions as input, accepting them is a primary function of the tool. Its capabilities are limited to generating image files and logs, which presents a minimal attack surface for exploitable injection.
Audit Metadata