autoresearch
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the platform-specific `open` command to display a generated HTML dashboard in the user's browser.
- [EXTERNAL_DOWNLOADS]: The generated dashboard includes a reference to the Chart.js library hosted on a public CDN, which is a well-known service used for data visualization.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes user-provided test inputs and evaluation criteria to autonomously modify other agent skills.
  - Ingestion points: User-defined target skill path, test inputs, and evaluation criteria in SKILL.md.
  - Boundary markers: No explicit delimiters or isolation instructions are used to separate untrusted user data from the skill's logic.
  - Capability inventory: The agent is authorized to read and write local files, execute other agent skills, and run shell commands.
  - Sanitization: The skill does not perform validation or sanitization of external content before incorporating it into the optimization process.
Audit Metadata