scientific-slides
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The script `generate_slide_image_ai.py` communicates with the OpenRouter API at `openrouter.ai` to facilitate image generation and quality assessment. OpenRouter is recognized as a well-known service for AI model inference. The interaction is limited to sending slide descriptions and receiving image data, with no untrusted code execution resulting from the response.
- [COMMAND_EXECUTION]: The skill uses Python's `subprocess` module in `generate_slide_image.py` to call its internal helper script `generate_slide_image_ai.py`. This is a routine modular design pattern for CLI-based AI tools. No arbitrary or high-privilege command execution was observed.
- [PROMPT_INJECTION]: The system interpolates user-provided presentation descriptions into prompts for the AI image generation model (e.g., in `generate_slide_image_ai.py`). While this presents a standard surface for prompt injection, the risk is inherently low and limited to the semantic content of the generated slides. There are no patterns suggesting attempts to bypass core safety guardrails or perform administrative overrides.
- [CREDENTIALS_UNSAFE]: The skill implements best practices for secret management by retrieving the `OPENROUTER_API_KEY` from environment variables or a `.env` file rather than using hardcoded values. Placeholder text is used in documentation for user guidance.
Audit Metadata