autoresearch

SUSPICIOUS. The skill's core purpose matches prompt optimization, and there is no clear credential theft or exfiltration path. However, its explicit autonomous loop ('NEVER STOP'), ability to read arbitrary skill/reference content and then modify files, and browser-opening behavior make it a high-risk agent capability. The CDN dependency is official and low risk, but the autonomy and indirect prompt-injection exposure push the overall classification above benign.