feature-dev-loop
Warn
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides explicit instructions to install a suite of plugins from a third-party source not identified as a trusted vendor. It directs users to the repository
github.com/obra/superpowersand suggests adding a custom marketplaceobra/superpowers-marketplace. Installing executable extensions from unverified third-party sources is a security risk. - [PROMPT_INJECTION]: The skill serves as a high-level orchestrator that ingests untrusted data (user requests, requirements, and repository content) and interpolates it into instructions for subagents. This architecture is vulnerable to indirect prompt injection (Category 8).
- Ingestion points: User-provided requirements, source requests, repository context, and feedback collected during the plan and acceptance review phases.
- Boundary markers: While the skill suggests providing reviewers with "precise context," it lacks robust delimiters or "ignore instructions" safety prompts when passing this external data to subagents.
- Capability inventory: The skill possesses significant capabilities, including file system modifications, repository analysis via
gitandrg, and the ability to dispatch and control multiple subagents with potentially powerful toolsets. - Sanitization: There is no evidence of input validation or sanitization before external data is used to drive the orchestration logic or subagent tasks.
Audit Metadata