superpowers-brainstorming

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes Bash scripts (start-server.sh, stop-server.sh) and a Node.js server script (server.js) to provide a visual interface. These scripts run locally to manage the server lifecycle, allocate ports, and handle session directories.
  • [PROMPT_INJECTION]: The skill architecture creates a surface for indirect prompt injection by ingesting data from browser-based user interactions.
      • Ingestion points: Browser click events and text selections are sent via WebSockets to the local server, which appends them to a .events file. The agent is instructed to read this file to incorporate user feedback into the session.
      • Boundary markers: The skill does not define explicit delimiters or use specific instructions to ensure the agent ignores potentially malicious commands embedded in the event data.
      • Capability inventory: The skill has capabilities to write files to the local system, commit changes to a Git repository, and execute the companion server scripts.
      • Sanitization: The server implementation parses JSON payloads from the WebSocket connection but does not perform sanitization on the string values before recording them to the filesystem or logging them to standard output.
  • [EXTERNAL_DOWNLOADS]: The documentation for the visual companion suggests the inclusion of external resources, such as images from Unsplash, to enhance mockups. This indicates the agent or the companion interface may perform network requests to fetch these remote assets.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 22, 2026, 01:43 PM