autoresearch
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes content from user-provided files and interpolates it into prompts for the Anthropic API without sufficient sanitization.
  - Ingestion points: The `autoresearch.py` script reads text from the file path passed to the `--input` argument.
  - Boundary markers: While the script uses `---` delimiters in prompts to separate instructions from the content, it does not provide explicit directives to the model to ignore instructions embedded within the content.
  - Capability inventory: The skill possesses capabilities to read local files, write new files to the `data/` directory, and perform network requests to the Anthropic API.
  - Sanitization: No sanitization or filtering logic was identified for the input content prior to its inclusion in the model prompts.
- [COMMAND_EXECUTION]: The skill requires the execution of the `autoresearch.py` script to perform its core functions. The script interacts with the local file system and network, which is expected for its stated purpose.
- [EXTERNAL_DOWNLOADS]: The skill specifies the `anthropic` library in its `requirements.txt` file, which is downloaded from the official Python Package Index (PyPI) during installation. This is a standard and safe dependency.
- [DATA_EXFILTRATION]: The skill sends content from the input files to the Anthropic API (api.anthropic.com) for processing. This network communication is a necessary component of the skill's optimization workflow.
Audit Metadata