Skills
skills/arjenschwarz/agentic-coding/make-it-so/Gen Agent Trust Hub

make-it-so

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill is designed to ingest task specifications from the output of the rune CLI and implement them directly. This creates an attack surface where a malicious task specification could lead the agent to perform unauthorized actions.\n
  • Ingestion points: Task definitions retrieved via rune next --phase --format json in SKILL.md.\n
  • Boundary markers: Absent. The skill provides no delimiters to distinguish between the agent's system instructions and the untrusted task data.\n
  • Capability inventory: Full file system access, git command execution, and recursive tool invocation (e.g., design-critic, efficiency-optimizer).\n
  • Sanitization: Absent. The agent is explicitly commanded to "implement all the remaining tasks" and "implement all subtasks".\n- Command Execution (SAFE): The skill uses git and the rune CLI to perform legitimate development workflows. These actions are consistent with the skill's stated purpose and do not appear to be used for malicious privilege escalation or persistence.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:39 PM