Skills
skills/ckorhonen/claude-skills/autoresearch/Gen Agent Trust Hub

autoresearch

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The utility scripts/common.py defines a run_shell_command function that utilizes subprocess.run with shell=True to execute commands. This is used by scripts/run_experiment.py to run benchmark and check scripts (e.g., autoresearch.sh). While the use of shell=True with dynamic strings is generally a security risk, it is the intended core functionality of this skill for orchestrating developer-defined benchmarks within a local environment.
  • [COMMAND_EXECUTION]: The skill invokes local git binaries via subprocess.run in scripts/common.py to perform repository status checks and retrieve commit hashes. These are standard development operations and do not pose a security threat.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 11:39 AM