openrouter-usage
Fail
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: HIGH
DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The Python script `scripts/openrouter_usage.py` contains logic that attempts to read sensitive configuration files from hardcoded, highly specific paths on the user's local machine.
  - Evidence: The `load_api_key` function in `scripts/openrouter_usage.py` probes for `.env` files at `~/Desktop/Aldea/Prompt development/Aldea-Soul-Engine/.env` and `~/Desktop/minoanmystery-astro/.env`. It also checks `~/.config/env/global.env`.
  - Impact: This behavior is irregular for a general-purpose utility and results in the reading of potentially sensitive files that may contain unrelated secrets, which are then loaded into the script's memory and could be exposed.
- [PROMPT_INJECTION]: The skill processes data from an external API, creating a surface for indirect prompt injection.
  - Ingestion points: Usage and credit data are fetched from the OpenRouter API endpoints (`/api/v1/activity` and `/api/v1/credits`) in `scripts/openrouter_usage.py`.
  - Boundary markers: No boundary markers or delimiters are used to separate the external API data from the agent's instructions.
  - Capability inventory: The skill is limited to formatting and printing reports to the standard output; it does not possess capabilities for file modification or system command execution based on this data.
  - Sanitization: The script does not perform sanitization or validation of the API response content before formatting it into the usage report.
Recommendations
- AI detected serious security threats