install-superpowers-for-kimi

Fail

Audited by Snyk on Apr 30, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.80). The URLs point to GitHub repositories from individual or unknown accounts that the prompt instructs the agent to clone and run or install (including `pip install -e` and custom `uv` commands) and to modify local hooks and prompts. These actions allow arbitrary code execution and local persistence, so they should be treated as suspicious.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to clone and read public GitHub repositories (e.g., https://github.com/obra/superpowers.git and https://github.com/Dqz00116/kimi-cli.git), uses injected prompt files (~/.kimi/prompts/superpowers-reminder.md) that mandate reading SKILL.md files, and the agent configs allow web tools (SearchWeb/FetchURL). As a result, the agent will fetch and interpret untrusted, user-generated third-party content that can directly alter its tool use and decision flow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Issues (3)

  • E005 (CRITICAL): Suspicious download URL detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

  • Risk Level: CRITICAL
  • Analyzed: Apr 30, 2026, 04:41 PM
  • Issues: 3