openrouter-typescript-sdk

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The content is largely legitimate SDK documentation with no hidden backdoors or covert exfiltration, but it includes an explicit eval(expression) in the calculator tool example (un-sanitized execution of external input) which enables remote code execution and is a high-risk pattern; no other deliberate data-exfiltration, obfuscation, credential theft, or supply-chain attack patterns are present.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly documents ingesting arbitrary external content (e.g., "Multimodal Content" showing image_url inputs like https://example.com/image.png) and includes a web_search tool example and agent workflow that instructs the model to use web_search to find information, which demonstrates the agent can fetch and act on untrusted public web/user-generated content that can influence subsequent tool use and decisions.