autark
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions in the README recommend installing the `autark` or `autark-cli` package globally via the NPM registry.
- [COMMAND_EXECUTION]: The skill primarily functions by instructing the agent to execute shell commands using the `autark` CLI to manage data models, record outreach, and start/finish work runs.
- [CREDENTIALS_UNSAFE]: The CLI tool manages and accesses authentication credentials locally at `~/.autark/credentials.json`, which the skill relies on for platform interactions.
- [DATA_EXFILTRATION]: The skill sends collected market research data, including prospect names, emails, and bios, to the platform's API at `autark-api.kushalsokke.workers.dev` to populate the market-discovery loop.
- [REMOTE_CODE_EXECUTION]: The documentation includes an `autark update` command designed to download and execute updates for the CLI tool from the vendor's remote infrastructure.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it processes data from untrusted external sources like web pages and repositories.
  - Ingestion points: Sourcing loop (crawling sites, reading repositories, polling email threads) described in `SKILL.md`.
  - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands in external data are present.
  - Capability inventory: Subprocess execution of the `autark` CLI, local file writing, and network operations for email outreach.
  - Sanitization: No sanitization or validation of the ingested external content is mentioned before it is processed or recorded.
Audit Metadata