autoresearch-finalize
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE COMMAND_EXECUTION DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local git commands and a bash script (finalize.sh) to automate the creation and verification of feature branches. It also utilizes node as a JSON parser for temporary configuration data.
- [DATA_EXFILTRATION]: The skill reads local repository files (autoresearch.jsonl, autoresearch.md, autoresearch.ideas.md) to extract metrics and context for branch documentation. This access is localized to the repository and does not involve external network transmission.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes external files into the agent's context.
  - Ingestion points: Reads experiment notes and ideas from autoresearch.md and autoresearch.ideas.md in Step 1 and Step 3.
  - Boundary markers: The skill lacks explicit delimiters for file content, though it includes a human approval checkpoint before the execution of the finalization script.
  - Capability inventory: The skill can execute shell commands, create git branches, and modify repository state via file checkouts.
  - Sanitization: Filenames and commit metadata are handled with appropriate quoting in shell commands, but natural language content is not filtered for embedded instructions.
Audit Metadata