agent-analytics-autoresearch

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection as it is designed to ingest and process external analytics reports and user briefs to influence its output.
      • Ingestion points: The agent reads data from brief.md and various text snapshots in the data/ directory.
      • Boundary markers: The instructions rely on standard Markdown formatting but do not include specific delimiters or instructions to ignore potential commands embedded within the external data snapshots.
      • Capability inventory: The skill possesses file-writing capabilities (results.tsv, final_variants.md) and shell execution capabilities (npx, bash scripts).
      • Sanitization: The skill processes external data content directly into the variant generation loop without explicit sanitization or validation steps.
  • [EXTERNAL_DOWNLOADS]: The skill fetches a versioned CLI tool from the vendor's official package namespace.
      • Evidence: SKILL.md and references/brief-template.md use npx --yes @agent-analytics/cli@0.5.31 to perform analytics operations. This is a vendor-owned resource pinned to a specific version.
  • [COMMAND_EXECUTION]: The skill executes local bash scripts and system binaries to initialize the environment and process data.
      • Evidence: The skill invokes scripts like scripts/init_autoresearch_run.sh and scripts/collect_agent_analytics_snapshot.sh to manage workspace setup and data collection. It also uses perl for basic text processing on command output.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 11, 2026, 08:25 PM