scientific-schematics
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Flags: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to prompt injection because it interpolates user-controlled strings directly into the AI system prompt without sanitization. In `scripts/generate_schematic_ai.py`, the `user_prompt` is appended to a block of guidelines, which could allow an attacker to override scientific instructions.
  - Ingestion points: The `prompt` command-line argument in `scripts/generate_schematic.py`.
  - Boundary markers: Absent.
  - Capability inventory: File system write (images and JSON logs), network requests to the OpenRouter API, and subprocess execution.
  - Sanitization: None; the input is used verbatim.
- [COMMAND_EXECUTION]: The wrapper script `scripts/generate_schematic.py` uses `subprocess.run` to invoke internal Python scripts with arguments derived from user input. Additionally, documentation in `references/README.md` and `references/QUICK_REFERENCE.md` encourages users to manually modify shell profiles like `~/.bashrc` to store API keys.
- [EXTERNAL_DOWNLOADS]: The skill requires the `requests` library and performs network operations targeting the OpenRouter API at `https://openrouter.ai/api/v1` to generate and review scientific schematics.
- [DATA_EXFILTRATION]: The `_load_env_file` function in `scripts/generate_schematic_ai.py` recursively searches for `.env` files in parent directories up to five levels deep. This behavior can lead to the accidental exposure of sensitive environment variables if the skill is executed within a nested directory structure containing unrelated secrets.
Audit Metadata