autoresearch-create
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill generates and executes local Bash scripts (autoresearch.sh, autoresearch.checks.sh) and provides a tool (run_experiment) to execute arbitrary commands for benchmarking and validation.
- [PROMPT_INJECTION]: The skill includes instructions that override standard agent behavior, such as "LOOP FOREVER", "NEVER STOP", and "Never ask 'should I continue?'". These directives bypass typical human-in-the-loop checkpoints and could lead to excessive resource usage.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and acting upon external data.
- Ingestion points: The agent reads the contents of autoresearch.md and other project source files to derive context for its optimization tasks.
- Boundary markers: No explicit delimiters or instructions are provided to the agent to distinguish between the content of the files being optimized and its own system instructions.
- Capability inventory: The agent has the capability to write files, execute shell commands via subprocesses, and perform git operations.
- Sanitization: The skill lacks sanitization or validation mechanisms for the data read from external files before processing it.
Audit Metadata