autogpt-agents

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE

EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION

Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill references and provides instructions to 'git clone' the AutoGPT repository from GitHub. As 'Significant-Gravitas' is not a pre-approved trusted organization, this constitutes an unverifiable external dependency.
  • COMMAND_EXECUTION (LOW): The troubleshooting guide includes the use of privileged commands such as 'sudo systemctl' and 'sudo ufw allow', as well as process termination commands like 'kill -9', which pose operational risks if misused.
  • DATA_EXFILTRATION (LOW): The setup instructions involve the creation and management of '.env' files which are known to store sensitive environment variables like 'DATABASE_URL' and 'REDIS_URL'.
  • PROMPT_INJECTION (LOW): The skill defines a platform with a significant indirect prompt injection surface (Category 8).
      1. Ingestion points: Data enters the agent context via Webhook blocks and third-party integrations (GitHub, Google, Notion).
      2. Boundary markers: The documentation does not specify the use of delimiters or 'ignore' instructions for external data.
      3. Capability inventory: The system possesses capabilities for LLM generation, HTTP requests, and credential access.
      4. Sanitization: No evidence of input sanitization or validation of external content is present in the provided skill files.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:08 PM