openrouter-images

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Documentation in SKILL.md instructs the user or agent to execute 'npm install' to set up dependencies and 'npx tsx' to run the TypeScript scripts.
  • [EXTERNAL_DOWNLOADS]: The skill downloads the 'tsx' package from the NPM registry and makes network requests to 'https://openrouter.ai/api/v1/chat/completions' to interact with the image generation models.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8).
    • Ingestion points: Untrusted data enters the agent context via the text prompt argument in 'generate.ts' and 'edit.ts', and through local image files read in 'edit.ts'.
    • Boundary markers: The scripts do not implement delimiters or specific 'ignore' instructions when interpolating user-provided text or image data into the API request body.
    • Capability inventory: The 'lib.ts' utility includes 'readFileSync' for file access, 'writeFileSync' for saving images to the local system, and 'fetch' for external network communication.
    • Sanitization: There is no evidence of validation, escaping, or filtering of the prompt or image content prior to its transmission to the model.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 9, 2026, 09:02 AM