vs-autopilot
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to automatically detect and execute arbitrary shell commands found in project configuration files such as
CLAUDE.md,package.json, andMakefileto perform testing, linting, and building. - [EXTERNAL_DOWNLOADS]: The instructions direct the agent to automatically resolve missing dependencies by running package managers like
npm,bun, orpipbased on project requirements. - [PROMPT_INJECTION]: The skill explicitly mandates a policy of zero human interaction ("Never ask the user anything") and provides instructions to override the interactive logic of secondary skills, bypassing standard human-in-the-loop safety protocols.
- [COMMAND_EXECUTION]: The agent systematically probes the local filesystem at
~/.claude/skills/to locate, read, and load other skill definitions to extend its functionality. - [PROMPT_INJECTION]: The skill exhibits vulnerability to indirect prompt injection where malicious instructions embedded in a project's implementation plan or metadata could be executed autonomously.
- Ingestion points: Project configuration files (
CLAUDE.md,package.json,Makefile) and the implementation plan provided via files or conversation context. - Boundary markers: Absent; the agent is instructed to follow the detected commands and plan steps directly as implementation directives.
- Capability inventory: Includes filesystem modification (branching, file writes), execution of arbitrary shell commands, and the use of network-enabled package installers.
- Sanitization: Relies on an automated 'Roast' phase to calculate a safety score, but does not perform sanitization of input data or project metadata.
Audit Metadata