llm-infrastructure
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill includes utility scripts like fetch-openrouter-models.py and validate_llm_config.py. These scripts are transparent in their operation, performing legitimate tasks such as fetching model pricing from the OpenRouter API or scanning local code for deprecated model names and hardcoded keys. No malicious execution patterns were found.
- EXTERNAL_DOWNLOADS (SAFE): The fetch-openrouter-models.py script makes network requests to openrouter.ai, a standard service for LLM access. The documentation mentions external packages like promptfoo and arize-phoenix, which are well-known tools in the AI observability and evaluation space.
- CREDENTIALS_UNSAFE (SAFE): The provided scripts correctly use environment variables (e.g., OPENROUTER_API_KEY) and avoid hardcoding secrets. Furthermore, the validate_llm_config.py tool is specifically designed to detect and warn users about hardcoded credentials in their own projects, enhancing security posture.
- DATA_EXPOSURE (SAFE): While validate_llm_config.py reads local source files, it does so to identify security anti-patterns and does not transmit the contents externally. The information fetched from OpenRouter is non-sensitive model metadata.
Audit Metadata