autoresearch

Warn

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on executing arbitrary shell commands specified in the mission_validator_command field of a state JSON file (.omx/state/.../autoresearch-state.json). This allows the execution of arbitrary scripts or binaries as part of the validation phase.
  • [PROMPT_INJECTION]: The skill ingests data from external artifacts such as mission.md, sandbox.md, and result.json to manage the research loop, which creates a surface for indirect prompt injection. Ingestion points: Files including result.json and mission.md. Boundary markers: None identified in the provided instructions to delimit untrusted data. Capability inventory: Execution of arbitrary shell commands via mission_validator_command. Sanitization: No evidence of sanitization or validation of the input data before processing or command execution.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 21, 2026, 04:01 PM