autoresearch
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection because it autonomously fetches and synthesizes content from external websites.
  - Ingestion points: Data enters the agent context through the WebFetch tool while processing search results for user-provided topics as defined in the Research Loop section of SKILL.md.
  - Boundary markers: The instructions do not define delimiters or provide 'ignore embedded instructions' warnings to prevent the agent from potentially obeying malicious commands found within the retrieved web content.
  - Capability inventory: The skill has the capability to perform iterative web searches and write multiple Markdown files to various subdirectories within the local wiki/ directory.
  - Sanitization: There is no mention of sanitization, filtering, or validation of the external content before it is processed, synthesized, and stored in the knowledge base.
Audit Metadata