auto-research
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The core logic of the skill involves the agent generating shell scripts (such as
autoresearch.shandautoresearch.checks.sh) and executing them to measure performance and verify correctness during autonomous loops. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes external data (repository code, test results, and benchmark outputs) to drive its decision-making process. This vulnerability is inherent to autonomous agents that modify and execute code based on environmental feedback.
- Ingestion points: The agent reads the contents of the target repository and the results of generated benchmark scripts.
- Boundary markers: The skill encourages structured reporting in
autoresearch.mdbut does not define explicit boundary markers or instructions to ignore malicious directives embedded in processed files. - Capability inventory: The agent is instructed to use file patching, script creation, and shell command execution via terminal tools.
- Sanitization: There is no instruction for sanitizing or escaping the content of processed files before they are used to influence the agent's logic.
Audit Metadata