generate-image

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or security risks were identified. The skill's functionality is consistent with its stated purpose of generating and editing images.
  • [COMMAND_EXECUTION]: The skill executes a Python script scripts/generate_image.py to perform its tasks. The script uses standard libraries and interacts with the file system only to read/write images and check for API keys in .env files, which is a routine and safe practice for local development tools.
  • [DATA_EXFILTRATION]: Network activity is restricted to openrouter.ai, which is a well-known AI model aggregation service. The script transmits only the user-provided prompt and input image data necessary for the generation/editing process. It correctly handles the OPENROUTER_API_KEY by reading it from environment variables or local .env files without transmitting it to unauthorized destinations.
  • [PROMPT_INJECTION]: The skill processes user-supplied prompts as instructions for image generation. While this is a surface for indirect prompt injection, it is the primary intended function of the skill and the risks are localized to the generated output.
    • Ingestion points: The prompt argument passed to scripts/generate_image.py (line 125).
    • Boundary markers: None; the prompt is passed as a string directly to the API request payload.
    • Capability inventory: The script performs network requests (POST) to OpenRouter and writes image files to the local file system using the requests and open functions.
    • Sanitization: No specific sanitization is applied to the prompt text, which is standard for image generation tools where the model provider handles content safety.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 24, 2026, 11:16 AM