using-superpowers

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill employs extremely forceful language (e.g., "ABSOLUTELY MUST", "not negotiable", "not optional") to mandate the use of external instructions. It explicitly commands the agent to disregard its own internal reasoning—such as the need for more context or the perceived simplicity of a task—characterizing these as "Red Flags" to be ignored.
  • [PROMPT_INJECTION]: The skill creates a broad surface for indirect prompt injection. By instructing the agent to invoke external skills for any task with even a "1% chance" of applicability, it mandates the ingestion of potentially untrusted content before the agent can perform its own safety or relevance evaluations.
      • Ingestion points: Platform-specific skill invocation tools (Claude Code's Skill, Copilot CLI's skill, Gemini CLI's activate_skill) which load local file content.
      • Boundary markers: Absent; the instructions tell the agent to "follow skill exactly."
      • Capability inventory: The tool mappings confirm access to file read/write, shell execution, and subagent spawning across all platforms.
      • Sanitization: No validation or sanitization logic is described for the loaded skill content.
  • [COMMAND_EXECUTION]: The mapping files (Codex, Copilot CLI, Gemini CLI) document the agent's capability to execute arbitrary shell commands via tools such as bash and run_shell_command. The references/codex-tools.md file specifically provides shell scripts for environment detection using git rev-parse.
  • [REMOTE_CODE_EXECUTION]: The Codex platform mapping describes a "Named agent dispatch" process that involves reading prompt templates from local markdown files, dynamically filling placeholders, and spawning new worker agents. This runtime assembly and execution of agent logic constitutes dynamic execution.
  • [DATA_EXFILTRATION]: The mapping files explicitly list tools with network capabilities, including web_fetch, google_web_search, and web_search. These platform-provided tools are identified as core components of the skill's operational environment.
Audit Metadata
Risk Level: SAFE
Analyzed: May 6, 2026, 10:06 AM