Skills
skills/foryourhealth111-pixel/vibe-skills/superclaude-framework-compat/Gen Agent Trust Hub

superclaude-framework-compat

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The file command-map.json contains hardcoded absolute file paths (e.g., C:\Users\羽裳\.codex\...) that expose sensitive system metadata, specifically a local username from the author's development environment.
  • [COMMAND_EXECUTION]: Usage instructions in SKILL.md recommend executing PowerShell scripts with the -ExecutionPolicy Bypass flag. This encourages users to circumvent local security configurations that are intended to restrict the execution of untrusted scripts.
  • [PROMPT_INJECTION]: The router script scripts/sc-router.ps1 accepts arbitrary user arguments and concatenates them directly into a recommended agent prompt (/vibe <user_input>). This creates a surface for indirect prompt injection, as malicious input provided to the script could be used to manipulate the agent's behavior when the resulting prompt is executed.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 02:47 AM