skill-autoresearch

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it ingests and processes 'target skill' files that may contain malicious instructions intended to override the optimizer's logic or exploit the agent's tools.
  • Ingestion points: The agent reads the contents of the target SKILL.md and its associated reference files during the initial analysis (Step 1) and subsequent mutation loops (Step 5).
  • Boundary markers: The instructions lack clear delimiters or safety warnings to prevent the agent from following instructions embedded within the target skill being optimized.
  • Capability inventory: The skill leverages powerful tools including Bash, Write, Edit, and Read, which could be exploited if the agent follows malicious instructions from the target skill.
  • Sanitization: There is no evidence of sanitization, validation, or filtering of the target skill's content before it is processed and 'run' by the agent.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to perform 'runs' of the target skill for benchmarking and scoring purposes. This behavior facilitates the repeated execution of the target skill's logic in the agent's environment, which poses a risk if the target skill is intentionally designed to perform unauthorized system operations during the execution phase.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 02:29 AM