autoresearch
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to autonomously generate and execute shell scripts (`autoresearch.sh`, `autoresearch.checks.sh`) in a continuous loop. While intended for benchmarking and testing, this provides a mechanism for arbitrary command execution within the agent's environment.
- [DATA_EXFILTRATION]: The skill performs broad read operations across the 'files in scope' to gather context for optimization. If sensitive files (like `.env` or configuration files) are accidentally included in the scope, their content is processed by the agent. While no direct exfiltration to a remote URL is hardcoded, the automated nature of the loop increases the risk of data being summarized or moved during the experimentation process.
- [COMMAND_EXECUTION]: The skill uses `git checkout -- .` and `git clean -fd` to revert changes between experiments. While standard for this workflow, automated destructive git operations can lead to data loss if the working directory contains uncommitted work not related to the experiment.
- [INDIRECT_PROMPT_INJECTION]: The skill reads external files and process outputs (benchmark logs, test results) and interpolates them into the next step of the hypothesis-driven loop. This creates a surface where malicious content in a file being optimized or a specifically crafted benchmark output could influence the agent's logic for the next iteration.
- Ingestion points: `autoresearch.md`, `autoresearch.jsonl`, `run.log`, `checks.log`, and all files defined in 'Files in Scope'.
- Boundary markers: The skill uses markdown headers and structured JSONL, but lacks explicit 'ignore instructions' delimiters for the content of the files being optimized.
- Capability inventory: Full filesystem access (within git), subprocess execution via bash scripts, and the ability to modify and commit code.
- Sanitization: None observed; the agent is instructed to read source files 'deeply' to formulate new hypotheses.
Audit Metadata