autoresearch
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to run evaluator scripts and experiment cycles as part of its core iterative improvement loop. It relies on commands or script references defined in 'evaluator.json' or mission specifications.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it processes external mission specifications and evaluator outputs. Maliciously crafted mission files or evaluator responses could influence the agent's logic during the loop.
  - Ingestion points: Reads mission specifications from 'mission.md' and evaluator data from 'evaluator.json'.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are specified in the workflow.
  - Capability inventory: The skill can execute shell commands (evaluators) and write files to the '.omc/autoresearch/' directory.
  - Sanitization: There is no evidence of sanitization or validation of the ingested mission or evaluation data before it is used to drive the next iteration.
Audit Metadata