scientific-schematics

[Skill Scanner] Natural language instruction to download and install from URL detected All findings: [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] No evidence of malicious code in the provided documentation. The skill description and examples are coherent with the stated purpose: generating diagrams via an external AI service and saving images+review logs locally. The primary security considerations are privacy and credential handling: user prompts and generated images are transmitted to third-party services (OpenRouter/Nano Banana Pro/Gemini 3 Pro), and examples that pass API keys on the command line are insecure. Recommend verifying the actual implementation to confirm network endpoints, ensuring API keys are supplied via secure environment variables or secret managers, and reviewing the third-party service privacy/TOS before sending sensitive data. LLM verification: Based solely on the supplied documentation (no executable code), the package is a diagram-generation interface that delegates heavy work to external AI services via an OpenRouter gateway. The main security concern is privacy and supply-chain trust: user prompts and generated outputs will transit third-party infrastructure (OpenRouter and unspecified backends), and the documentation lacks details about endpoint provenance, logging, and retention. There is no direct evidence of malware or intentio