setup
Warn
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the 'superpowers' plugin from a third-party GitHub repository (github.com/obra/superpowers). If the user confirms the recommendation, the agent executes the installation command via the plugin marketplace.
- [COMMAND_EXECUTION]: The skill executes shell commands to create the project's directory structure, such as 'mkdir -p beat/changes' and 'mkdir -p beat/features'.
- [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection by reading and summarizing data from untrusted manifest files.
  - Ingestion points: Scans local files including package.json, Cargo.toml, go.mod, and various test configuration files.
  - Boundary markers: No specific markers or delimiters are used to isolate the data read from these files during processing.
  - Capability inventory: The skill has permissions to create directories and write the beat/config.yaml file to disk.
  - Sanitization: The skill does not perform sanitization or validation on the content of the manifest files before using it to detect the project stack.
Audit Metadata