NYC

scientific-slides

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (CREDENTIALS_UNSAFE, COMMAND_EXECUTION)
Full Analysis
  • [CREDENTIALS_UNSAFE] (MEDIUM): In generate_slide_image.py, the OPENROUTER_API_KEY is passed to a child process via subprocess.run as a command-line argument (--api-key). On multi-user systems, command-line arguments of active processes are often readable by any user via process monitoring tools (e.g., ps, top), leading to credential exposure.
  • [COMMAND_EXECUTION] (SAFE): The script generate_slide_image.py uses subprocess.run with an argument list rather than a shell string, which is a safe practice that prevents shell injection attacks.
  • [EXTERNAL_DOWNLOADS] (SAFE): The scripts' documentation recommends installing Pillow and pymupdf. These are well-established, trusted packages from the Python Package Index (PyPI).
  • [INDIRECT_PROMPT_INJECTION] (LOW): The script pdf_to_images.py processes external PDF files. While there is a potential for malformed PDFs to target vulnerabilities in the parsing library (PyMuPDF), the script itself only performs image rendering and does not exhibit high-risk capabilities like network exfiltration or arbitrary code execution.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:20 PM