run-with-it
Pass
Audited by Gen Agent Trust Hub on Jul 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses extensive shell commands and background process spawning (e.g.,
nohup,Start-Process) to manage a rolling pool of sub-coordinator agents. It relies on a suite of local shell (.sh,.ps1) and Python scripts for state management, dispatching, and monitoring. - [PROMPT_INJECTION]: The skill exhibits a surface for Indirect Prompt Injection by ingesting untrusted data from GitHub issue bodies, titles, and comments via the
ghtool. - Ingestion points: Data enters the context through
gh issue viewoutput which is used to build context files for Sub-Coordinator sessions inSKILL.mdStep C. - Boundary markers: The instructions specify using "task data only" guardrails and stripping imperative checklists for certain workers to prevent the agent from mistaking data for instructions.
- Capability inventory: Sub-coordinators and their child workers have significant capabilities, including file system modification within worktrees, git operations, and further shell script execution via the platform dispatcher.
- Sanitization: The skill mentions paraphrasing outcomes and summarizing criteria to sanitize the input for complexity workers, though the full body is passed to sub-coordinators.
Audit Metadata