openrouter-models
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires a setup step involving `npm install` to download necessary development dependencies, primarily `tsx` for executing TypeScript files.
- [DATA_EXFILTRATION]: The skill interacts with the official OpenRouter API at `openrouter.ai`. This communication is essential for the skill's purpose of retrieving model data. The `OPENROUTER_API_KEY` is handled securely via an environment variable rather than being hardcoded.
- [COMMAND_EXECUTION]: The skill executes local TypeScript scripts using `npx tsx`. These scripts are part of the skill's distribution and perform structured data processing and API calls.
- [INDIRECT_PROMPT_INJECTION]:
  - Ingestion points: Data is ingested from the OpenRouter API through `fetchApi` in `scripts/lib.ts`.
  - Boundary markers: The scripts output raw JSON data to the terminal; it is expected that the agent will interpret this structured data.
  - Capability inventory: The scripts have the capability to perform network requests (`fetch`) and process command-line arguments.
  - Sanitization: The skill uses standard JSON parsing (`res.json()`) to handle API responses and does not interpolate untrusted data directly into executable code.