run-with-it

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The skill deliberately instructs disabling sandbox protections and running external agent CLIs in unattended, full-permission mode while packaging and passing rich repository/context payloads to remote models—this design explicitly enables remote code execution, exposure of credentials/environment variables, and data exfiltration by third-party agents and is therefore high-risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly re-fetches and injects GitHub issue bodies into the Sub-Coordinator context (see "Step C: ASSEMBLE SUB-COORDINATOR CONTEXT FILE" — gh issue view <n> ... and inclusion of "Full issue body" in $SUB_COORD_CONTEXT_FILE), which are untrusted, user-generated third-party contents that downstream agents will read and act on.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill explicitly requires invoking run-agent.sh with dangerouslyDisableSandbox: true and preserves flags like --dangerously-skip-permissions / --dangerously-bypass-approvals-and-sandbox, which directs the agent to bypass sandboxing and permission controls (a security-compromising action).