skill-autoresearch
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to orchestrate the creation of experiment workspaces and execute the target skill during the baseline and mutation loops (SKILL.md Steps 3-5).
- [EXTERNAL_DOWNLOADS]: The WebFetch tool is explicitly allowed in the skill's configuration, which enables the agent to retrieve external content from the web as part of its optimization or evaluation logic.
- [PROMPT_INJECTION]: The skill is designed to ingest and execute instructions from external SKILL.md files, creating a surface for indirect prompt injection. Evidence:
  1. Ingestion points: Reads the target SKILL.md and any referenced files (SKILL.md Step 1).
  2. Boundary markers: No specific delimiters or safety warnings are included to prevent the agent from being influenced by instructions inside the target file.
  3. Capability inventory: Bash, Read, Write, Edit, WebFetch (SKILL.md frontmatter).
  4. Sanitization: The skill does not perform any validation or sanitization of the target skill's content before processing and executing it.