scientific-slides
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- CREDENTIALS_UNSAFE (LOW): In scripts/generate_slide_image.py, the OPENROUTER_API_KEY is passed as a command-line argument to a child process using subprocess.run. On many multi-user systems, command-line arguments are visible to other users through process monitoring tools, potentially exposing the secret API key.
- COMMAND_EXECUTION (SAFE): The script scripts/generate_slide_image.py executes a companion script generate_slide_image_ai.py using subprocess.run with a list of arguments. This implementation correctly avoids shell=True, preventing shell injection vulnerabilities.
- PROMPT_INJECTION (LOW): The skill exhibits an indirect prompt injection surface as defined in Category 8.
  * Ingestion points: The prompt argument and attachments in scripts/generate_slide_image.py.
  * Boundary markers: Absent; user input is passed to the generation script without delimiters or ignore-instructions warnings.
  * Capability inventory: The skill can execute Python scripts and write files to the local filesystem.
  * Sanitization: Absent; the prompt is passed directly to the processing logic without filtering or validation.
Audit Metadata