feature-dev-loop

Warn

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides explicit instructions to install a suite of plugins from a third-party source not identified as a trusted vendor. It directs users to the repository github.com/obra/superpowers and suggests adding a custom marketplace obra/superpowers-marketplace. Installing executable extensions from unverified third-party sources is a security risk.
  • [PROMPT_INJECTION]: The skill serves as a high-level orchestrator that ingests untrusted data (user requests, requirements, and repository content) and interpolates it into instructions for subagents. This architecture is vulnerable to indirect prompt injection (Category 8).
    • Ingestion points: User-provided requirements, source requests, repository context, and feedback collected during the plan and acceptance review phases.
    • Boundary markers: While the skill suggests providing reviewers with "precise context," it lacks robust delimiters or "ignore instructions" safety prompts when passing this external data to subagents.
    • Capability inventory: The skill possesses significant capabilities, including file system modifications, repository analysis via git and rg, and the ability to dispatch and control multiple subagents with potentially powerful toolsets.
    • Sanitization: There is no evidence of input validation or sanitization before external data is used to drive the orchestration logic or subagent tasks.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 13, 2026, 01:17 AM