autoresearch
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Downloads the 'uv' package manager from astral.sh and clones the autoresearch repository from its official GitHub source. All sources are well-known technology providers.\n- [REMOTE_CODE_EXECUTION]: Executes the 'uv' installation script using a shell pipe during the initial environment setup. This is the standard installation method for the trusted package manager.\n- [COMMAND_EXECUTION]: Runs training cycles, data preparation, and hardware verification using 'uv' and 'nvidia-smi' across various helper scripts provided within the repository.\n- [PROMPT_INJECTION]: Processes research instructions from 'program.md' which direct the agent's code generation and execution. Ingestion points: 'program.md'; Boundary markers: Absent; Capability inventory: Subprocess calls via 'uv run' in 'scripts/run-experiment.sh'; Sanitization: Absent. This behavior is the intended control mechanism for the researcher.
Audit Metadata