autopilot
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements an autonomous workflow that ingests data from the repository (README, TODOs, source code) to determine its next tasks. This creates a surface for indirect prompt injection where data within the project could influence agent behavior.
  1. Ingestion points: Repository files such as README, source code, and TODO markers.
  2. Boundary markers: Absent for separating project content from agent instructions.
  3. Capability inventory: File read/write, shell execution for build and test scripts, and Git operations.
  4. Sanitization: Absent for repository-provided content.
- [COMMAND_EXECUTION]: The agent is instructed to run build, test, and lint scripts found in the local repository automatically during its loop. This is a core feature of the skill but involves executing local code defined within the project environment.
Audit Metadata