superagent-cli
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill operates entirely through the `superagent` command-line utility, using it to manage repositories, worktrees, and terminals (e.g., `superagent status`, `superagent worktree create`, `superagent terminal send`).
- [DATA_EXFILTRATION]: The skill exposes sensitive data access points through browser and terminal automation features.
  - Evidence:
    - `superagent cookie get`: Retrieves browser cookies.
    - `superagent terminal read`: Accesses terminal output history.
    - `superagent snapshot` and `superagent screenshot`: Captures page content and visual state.
    - `superagent capture start`: Intercepts console and network logs.
- [REMOTE_CODE_EXECUTION]: The skill includes commands for dynamic code execution within the browser environment.
  - Evidence:
    - `superagent eval --expression <js>`: Executes arbitrary JavaScript in the page context.
    - `superagent exec --command ...`: Executes instructions via the automation engine's command surface.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it processes untrusted data from external sources.
  - Ingestion points: Terminal output (`terminal read`), accessibility trees (`snapshot`), and network/console logs (`console`, `network`).
  - Boundary markers: Absent. The instructions do not specify the use of delimiters or warnings to ignore instructions embedded in the ingested content.
  - Capability inventory: The agent can modify the filesystem (`worktree create/rm`), interact with terminals (`terminal send`), and perform browser actions (`goto`, `click`, `eval`, `cookie delete`).
  - Sanitization: Absent. There is no requirement to sanitize or validate content before processing.
Audit Metadata