skill-autoresearch

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill's primary function involves reading and iterating on local artifacts that may contain instructions, creating a surface for indirect prompt injection attacks.
  • Ingestion points: The skill reads repository files like SKILL.md, SOPs, and prompt-templates through the Read tool to establish baselines and generate improvements.
  • Boundary markers: There are no explicit instructions or delimiters used to ensure the agent ignores or sanitizes instructions embedded within the files it is analyzing.
  • Capability inventory: The agent is granted powerful capabilities including the Bash tool for running evaluations and the Write and Edit tools for modifying files in the repository.
  • Sanitization: The content of processed files is not validated or sanitized before being used to generate hypotheses or modify existing logic.
  • [COMMAND_EXECUTION]: The skill instructions require the agent to execute shell commands as part of the benchmarking process.
  • Evidence: The skill utilizes the Bash tool to run a "frozen evaluation harness," which is described in references/loop-charter-template.md as a validation script or checklist used to measure artifact performance.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 07:07 AM
Security Audit — agent-trust-hub — skill-autoresearch