scholar-evaluation
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The script 'scripts/generate_schematic.py' uses 'subprocess.run' to execute a local companion script, 'scripts/generate_schematic_ai.py'. This is a standard and legitimate method for internal tool orchestration. The command is passed as a list of arguments, which effectively mitigates the risk of shell injection.
- [EXTERNAL_DOWNLOADS]: The 'scripts/generate_schematic_ai.py' script performs network requests to the OpenRouter API ('openrouter.ai') to access Large Language Models for image generation and peer-review simulation. This is an intended, core functionality of the skill. The script manages authentication securely by utilizing environment variables for the API key rather than hardcoding credentials.
- [PROMPT_INJECTION]: The skill is designed to ingest and evaluate external research papers provided by the user. Although the skill does not use explicit boundary markers to delimit this untrusted data, its capabilities are confined to mathematical scoring and the generation of diagrams via a third-party API. Consequently, the surface for indirect prompt injection does not lead to any high-privilege operations or system-level risks.