auto-reply
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill references an external dependency 'clodds/auto-reply' which is not on the trusted sources list. While not directly installing it via a script, the skill's functionality depends on this unverifiable external package.
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection surface detected. The skill is designed to ingest and process untrusted user messages from chat interfaces which can trigger internal logic.
- Ingestion points: The '/autoreply test' and '/autoreply simulate' commands, as well as the runtime pattern matching engine, ingest untrusted user text (SKILL.md).
- Boundary markers: Absent. There are no delimiters or instructions provided to the agent to treat matched text as data rather than instructions.
- Capability inventory: File system access (SQLite database storage) and network capabilities (demonstrated via 'getPrice' and 'getPortfolio' async examples in SKILL.md).
- Sanitization: None detected. The skill assumes patterns and responses are safe.
- [COMMAND_EXECUTION] (LOW): The API supports dynamic response functions using asynchronous JavaScript/TypeScript logic. If the AI agent is tasked with generating or updating rules based on user-provided descriptions, it may inadvertently generate and execute malicious logic within these callbacks.
Audit Metadata