skills/tumf/skills/autoresearch-agent/Snyk

autoresearch-agent

Warn

Audited by Snyk on Mar 24, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W013: Attempt to modify system services in skill instructions.

Attempt to modify system services in skill instructions detected (high risk: 0.90). This skill explicitly instructs spawning headless sub-agents using "claude --dangerously-skip-permissions", which bypasses permission checks and enables autonomous subprocesses that can modify the machine state or escalate actions beyond intended restrictions.

Issues (1)

W013

MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata

Risk Level

MEDIUM

Analyzed

Mar 24, 2026, 02:04 AM

Issues

1