autonomous-execution
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines a state-driven autonomous loop that reads instructions and task goals from external files, creating a surface for indirect prompt injection.
  * Ingestion points: Reads task goals, progress, and handoff instructions from `.autopilot/mission.json`, `.autopilot/progress.json`, and `.autopilot/handoff.md`.
  * Boundary markers: Absent; the methodology does not include instructions to isolate or sanitize inputs from these files.
  * Capability inventory: The agent can modify the codebase, execute git commands, and spawn subagents for research and implementation.
  * Sanitization: Absent; data read from the state files directly influences the next task selected for execution.
- [COMMAND_EXECUTION]: The methodology requires the agent to execute shell commands to manage the project state and verify changes.
  * Evidence: Direct instructions to run `git log`, `git add`, `git commit`, and `git push`. It also specifies running 'tests' as part of the implementation and verification phases.
Audit Metadata