autoresearch
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches and executes the installation script for the 'uv' package manager from the official astral.sh domain.
- [REMOTE_CODE_EXECUTION]: Downloads project code from GitHub repositories maintained by Andrej Karpathy and Artem Andreenko (miolini) and executes them locally to prepare data and train models.
- [COMMAND_EXECUTION]: Uses the command line to synchronize dependencies and run Python training scripts through the 'uv' manager.
- [PROMPT_INJECTION]: The skill implements an autonomous research loop where an AI agent reads human-provided instructions to modify and execute code, creating a surface for indirect prompt injection.
  - Ingestion points: The agent reads research instructions from 'program.md'.
  - Boundary markers: The skill instructions do not specify explicit delimiters or warnings for the agent to ignore instructions embedded within the data.
  - Capability inventory: The agent possesses the ability to read and write local files, execute shell commands via 'uv', and perform Git operations.
  - Sanitization: No explicit sanitization or validation of the 'program.md' content is performed by the skill's setup instructions.
Audit Metadata