skill-autoresearch
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill's primary function involves reading and iterating on local artifacts that may contain instructions, creating a surface for indirect prompt injection attacks.
- Ingestion points: The skill reads repository files like
SKILL.md,SOPs, andprompt-templatesthrough theReadtool to establish baselines and generate improvements. - Boundary markers: There are no explicit instructions or delimiters used to ensure the agent ignores or sanitizes instructions embedded within the files it is analyzing.
- Capability inventory: The agent is granted powerful capabilities including the
Bashtool for running evaluations and theWriteandEdittools for modifying files in the repository. - Sanitization: The content of processed files is not validated or sanitized before being used to generate hypotheses or modify existing logic.
- [COMMAND_EXECUTION]: The skill instructions require the agent to execute shell commands as part of the benchmarking process.
- Evidence: The skill utilizes the
Bashtool to run a "frozen evaluation harness," which is described inreferences/loop-charter-template.mdas a validation script or checklist used to measure artifact performance.
Audit Metadata