autoresearch-ml

Warn

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION)
Full Analysis
  • [DYNAMIC_EXECUTION]: The assets/prepare.py script uses pickle.load() to load the tokenizer. If an attacker manages to replace the tokenizer.pkl file with a malicious payload, they could achieve arbitrary code execution on the user's system when the skill is run.
  • [COMMAND_EXECUTION]: The skill is designed to execute a shell script (autoresearch.sh) and Python scripts (train.py, prepare.py) autonomously in a loop. While these scripts are part of the skill's template, they perform significant system operations, including GPU monitoring and package synchronization.
  • [PROMPT_INJECTION]: The SKILL.md and assets/program.md contain instructions such as 'LOOP FOREVER', 'Never ask "should I continue?"', and 'The loop runs until the user interrupts you, period.' These instructions are designed to override the agent's standard conversational boundaries and maintain persistence in the execution environment without ongoing user consent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 7, 2026, 10:09 PM