auto-research

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The core logic of the skill involves the agent generating shell scripts (such as autoresearch.sh and autoresearch.checks.sh) and executing them to measure performance and verify correctness during autonomous loops.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes external data (repository code, test results, and benchmark outputs) to drive its decision-making process. This vulnerability is inherent to autonomous agents that modify and execute code based on environmental feedback.
  • Ingestion points: The agent reads the contents of the target repository and the results of generated benchmark scripts.
  • Boundary markers: The skill encourages structured reporting in autoresearch.md but does not define explicit boundary markers or instructions to ignore malicious directives embedded in processed files.
  • Capability inventory: The agent is instructed to use file patching, script creation, and shell command execution via terminal tools.
  • Sanitization: There is no instruction for sanitizing or escaping the content of processed files before they are used to influence the agent's logic.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 02:47 AM
Security Audit — agent-trust-hub — auto-research