autopilot
Pass
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill functions as an autonomous agent that ingests and processes untrusted repository content, creating an inherent surface for indirect prompt injection.
- Ingestion points: Local repository files via Read, Grep, and Glob (SKILL.md).
- Boundary markers: The instructions do not specify the use of delimiters to isolate untrusted content.
- Capability inventory: Bash (command execution) and Write (file modification) tools (SKILL.md).
- Sanitization: No explicit content sanitization or instruction filtering is described.
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute repo-native test and build commands (SKILL.md). This is a core functionality required for its intended purpose of autonomous implementation and verification.
Audit Metadata