autoresearch
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill integrates with Anthropic's AI services using the official `anthropic` Python client. It transmits user-provided content to Anthropic's API for the purpose of variant generation and expert scoring.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection vulnerabilities due to the way it handles input data from local files. Maliciously crafted instructions within an input file could potentially hijack the agent's logic during the optimization process.
  - Ingestion points: The `autoresearch.py` script reads the full content of user-provided files through the `--input` argument.
  - Boundary markers: The skill uses triple dashes (`---`) to delimit user content within its internal prompts, which provides minimal protection against adversarial instruction injection.
  - Capability inventory: The skill is authorized to perform network requests to the Anthropic API and has write access to the local file system for generating reports and optimized files.
  - Sanitization: There is no evidence of content filtering, escaping, or validation performed on the input text before it is sent to the LLM.
Audit Metadata