research-grants
Warn
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill mandates the use of a local Python script (
scripts/generate_schematic.py) to generate scientific diagrams. The instructions label this as a mandatory step for completing a grant proposal, which involves executing code on the local system. - [EXTERNAL_DOWNLOADS]: The schematic generation tool (
scripts/generate_schematic_ai.py) makes network requests to the OpenRouter API (openrouter.ai) to interact with image generation and language models. - [CREDENTIALS_UNSAFE]: The scripts require an
OPENROUTER_API_KEY. While the skill correctly suggests using a.envfile for secret management, the script logic also permits passing the API key as a command-line flag, which can expose secrets in process history or logs. - [INDIRECT_PROMPT_INJECTION]: The skill accepts arbitrary user input as a diagram description and incorporates it into a prompt sent to an external AI model.
- Ingestion points: The
promptargument ingenerate_schematic.pyprovided by the user. - Boundary markers: The script uses a standard prompt template (
SCIENTIFIC_DIAGRAM_GUIDELINES) but does not apply strict delimiters or escaping to the user-supplied description. - Capability inventory: The agent has access to
Bash,Read,Write, andEdittools, as well as the ability to execute the provided Python scripts. - Sanitization: No sanitization is performed on the user-provided prompt before it is sent to the external API.
Audit Metadata