run-with-it

Pass

Audited by Gen Agent Trust Hub on Jul 5, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses extensive shell commands and background process spawning (e.g., nohup, Start-Process) to manage a rolling pool of sub-coordinator agents. It relies on a suite of local shell (.sh, .ps1) and Python scripts for state management, dispatching, and monitoring.
  • [PROMPT_INJECTION]: The skill exhibits a surface for Indirect Prompt Injection by ingesting untrusted data from GitHub issue bodies, titles, and comments via the gh tool.
  • Ingestion points: Data enters the context through gh issue view output which is used to build context files for Sub-Coordinator sessions in SKILL.md Step C.
  • Boundary markers: The instructions specify using "task data only" guardrails and stripping imperative checklists for certain workers to prevent the agent from mistaking data for instructions.
  • Capability inventory: Sub-coordinators and their child workers have significant capabilities, including file system modification within worktrees, git operations, and further shell script execution via the platform dispatcher.
  • Sanitization: The skill mentions paraphrasing outcomes and summarizing criteria to sanitize the input for complexity workers, though the full body is passed to sub-coordinators.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 5, 2026, 04:28 PM
Security Audit — agent-trust-hub — run-with-it