autoresearch

Warn

Audited by Snyk on Jun 29, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.75). The skill’s runtime workflow includes “Search literature” via web-access tools (e.g., web_search_exa, Semantic Scholar, arXiv) and then “Save everything to literature/” as readable summaries, which means fetched outsider-authored web/page text can be ingested into the agent’s LLM context during retrieval/summarization.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (low risk: 0.30). The prompt requires the agent to create persistent background activity (set up a 10-minute cron job and an autonomous loop), create and modify workspace files and git history, and send reports — i.e., it changes host state and runs persistent processes — but it does not request sudo, privileged system-file edits, or creating new user accounts, so it's a moderate-but-not-high risk.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 29, 2026, 12:54 AM
Issues
2
Security Audit — snyk — autoresearch