generate-image

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill makes network requests to openrouter.ai, which is a well-known service for accessing AI models. This interaction is necessary for the skill's core functionality and does not involve downloading executable code from untrusted sources.
  • [PROMPT_INJECTION]: The skill ingests natural language prompts to generate or edit images, creating a surface for indirect prompt injection.
      • Ingestion points: The prompt argument in scripts/generate_image.py.
      • Boundary markers: None; the prompt is passed directly into the API request payload.
      • Capability inventory: Filesystem read (input image), filesystem write (generated PNG), and network egress (API call to OpenRouter).
      • Sanitization: None; the script does not escape or validate the text prompt before transmission.
  • [CREDENTIALS_UNSAFE]: The script implements a safe method for handling API credentials by searching for an OPENROUTER_API_KEY in a local .env file or environment variables, avoiding the use of hardcoded secrets.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 9, 2026, 10:12 PM