autoresearch

The skill claims to run autonomous experiments on a codebase and its instructions explicitly use git, edit files, run arbitrary user-specified commands, and read/write project files — which is coherent with the described purpose. One minor inconsistency: the registry metadata lists no required binaries, but correct operation implicitly requires git and whatever binaries the user-specified run_command uses (python, make, npm, etc.).

SKILL.md stays on-purpose: it asks the agent to (1) obtain a clear protocol from the user, (2) only modify explicitly-declared target files, (3) commit changes, run the user-provided command, extract a metric, and record results. It does allow the agent to run arbitrary run_command and arbitrary extract commands provided by the user (which is expected) and to read target and read-only files for context.

No install spec or code files are included (instruction-only), so nothing will be downloaded or written by an installer. This minimizes install-time risk.

The skill declares no required environment variables or credentials, which matches the instruction-only design. However, actual experiments will typically depend on binaries and possibly credentials (e.g., dataset access, package registries, cloud resources) that are not declared — the user must supply or ensure those exist. The skill does not itself request unrelated secrets.

always:false (no forced inclusion) and default autonomous invocation is unchanged. The skill's allowed-tools (exec, sessions_spawn, read, write, edit, grep, find, ls) grant it the ability to modify repository files and run arbitrary processes — appropriate for the task but high-privilege in practice. The skill does not request persistent system-wide modifications in its instructions.