research-grants
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/generate_schematic.pyutilizessubprocess.runto invoke a local helper script,scripts/generate_schematic_ai.py, which manages the image generation workflow. This is a standard architectural pattern for modularizing the skill's functionality. - [EXTERNAL_DOWNLOADS]: The schematic generation tool in
scripts/generate_schematic_ai.pyperforms network requests to the OpenRouter API (openrouter.ai). OpenRouter is a well-known service used to facilitate access to various large language models for generating and reviewing publication-quality diagrams. - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection within the
scripts/generate_schematic_ai.pyscript. (1) Ingestion Points: User-provided diagram descriptions are accepted as input. (2) Boundary Markers: No explicit delimiters or boundary instructions are utilized during string interpolation. (3) Capability Inventory: The tool performs network operations to an external API and handles local file writes for image data. (4) Sanitization: No input validation or escaping is applied to the user-supplied prompt before it is incorporated into the LLM system message. This is noted as an inherent risk in LLM-integrated features.
Audit Metadata