Skills
skills/akillness/oh-my-skills/autoresearch/Gen Agent Trust Hub

autoresearch

Fail

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the uv package manager installer from Astral's official domain and clones the research repository from GitHub.
  • [COMMAND_EXECUTION]: Executes shell scripts for setup, hardware checks, and loop management, including the execution of the uv installer script and training commands via the command line.
  • [REMOTE_CODE_EXECUTION]: Implements an autonomous loop where the agent modifies Python code in train.py and executes it to perform machine learning experiments.
  • [PROMPT_INJECTION]: The skill processes directives from a human-authored program.md file, creating a surface for indirect prompt injection.
  • Ingestion points: program.md (read by the agent as its research charter).
  • Boundary markers: Absent; there are no explicit delimiters or instructions to ignore potential commands within the directives.
  • Capability inventory: The skill supports file writes, Git operations, shell command execution through multiple scripts, and arbitrary Python execution via uv run.
  • Sanitization: No validation or filtering of the input directives is performed before they are used to guide the agent's actions.
Recommendations
  • HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 19, 2026, 02:13 AM