autogpt-agents
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs cloning the AutoGPT repository from GitHub (Significant-Gravitas/AutoGPT) and executing its contents via Docker and npm. While the project is well-known, the source is not in the trusted whitelist, and downloading followed by execution is a high-risk pattern. Severity reduced from HIGH due to primary purpose.
- [COMMAND_EXECUTION] (MEDIUM): Troubleshooting instructions include `sudo` commands for systemctl and ufw operations, which constitute a privilege escalation vector. Severity reduced from HIGH due to primary purpose.
- [PROMPT_INJECTION] (LOW): A surface for indirect prompt injection exists because the platform ingests untrusted data via webhooks and integrations (GitHub, Google, Discord). Evidence Chain:
  1. Ingestion points: Webhooks and external connectors (SKILL.md).
  2. Boundary markers: None specified.
  3. Capability inventory: LLM generation, HTTP requests, and custom ability execution (SKILL.md).
  4. Sanitization: Not documented.
- [DYNAMIC_EXECUTION] (LOW): The core architecture relies on executing modular blocks and custom Python abilities at runtime. Severity reduced from MEDIUM due to primary purpose.
Audit Metadata