get-shit-done — agentic threat model
get-shit-done is a meta-prompting and context engineering utility for Claude Code that introduces risk by structuring planning and execution flows without built-in security guardrails. If compromised or fed malicious specifications, it could manipulate Claude Code into executing unauthorized local system commands.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
|---|---|
| Autonomy of Action | 0.40 |
| Goal-Driven Planning | 0.80 |
| Self-Modification | 0.30 |
| Dynamic Tool Use | 0.60 |
| Persistent Memory | 0.20 |
| Contextual Awareness | 0.80 |
| Dynamic Identity | 0.10 |
| Multi-Agent Interactions | 0.10 |
| Non-Determinism | 0.60 |
| Opacity & Reflexivity | 0.50 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Layer 1, Foundation Models: Not certain from the listing — designed for Claude Code, implying reliance on Anthropic's Claude models, which makes it susceptible to prompt injection, jailbreaks, or adversarial meta-prompt manipulation that could alter the intended spec-driven flow.
Layer 2, Data Operations: Not certain from the listing — focuses on context engineering and spec-driven development and does not describe vector databases or training-data operations, though context poisoning remains a risk during execution.
Layer 3, Agent Frameworks: Provides meta-prompting patterns and structured planning commands for Claude Code. Vulnerabilities include prompt injection that bypasses the spec-driven flow, or malicious commands executed through hijacked planning structures.
Layer 4, Deployment and Infrastructure: Not certain from the listing — as an open-source skill for Claude Code, it runs locally in the user's CLI environment, so security relies entirely on the host machine's sandboxing and environment controls.
Layer 5, Evaluation and Observability: Not certain from the listing — no built-in logging, guardrails, or observability features are mentioned, leaving detection of malicious execution to the underlying Claude Code framework.
Layer 6, Security and Compliance: Not certain from the listing — as a free, open-source community skill, it lacks formal compliance certifications, identity management, and access control policies.
Layer 7, Agent Ecosystem: Not certain from the listing — while it structures agent execution, there is no explicit mention of multi-agent coordination or marketplace interactions beyond its being a community-contributed skill.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).