resume
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [DYNAMIC_EXECUTION]: The skill executes shell commands (git checkout, cat) and a local Python script (setup_experiment.py) using variable interpolation for experiment paths ({domain}, {name}). If these variables are derived from untrusted input without validation, it could lead to command injection.
- [INDIRECT_PROMPT_INJECTION]: The skill reads content from local project files that could potentially be influenced by external data or previous automated steps, creating a surface for indirect instructions to be processed by the agent.
  - Ingestion points: .autoresearch/{domain}/{name}/config.cfg, .autoresearch/{domain}/{name}/program.md, and .autoresearch/{domain}/{name}/results.tsv (SKILL.md).
  - Boundary markers: No specific boundary markers or instructions to ignore embedded commands are present in the logic when reading these files.
  - Capability inventory: The skill possesses capabilities for Git branch manipulation, file system reads, and local script execution (SKILL.md).
  - Sanitization: No evidence of content sanitization or structured schema validation is provided for the data read from the experiment files.
Audit Metadata