Getting Started with Skills
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The `skill-run` script executes files based on a path provided as a command-line argument. It constructs the target path by prepending a skills root directory but fails to validate that the resulting path remains within that directory. This allows for path traversal (e.g., using `../../` sequences) to execute arbitrary system binaries or other executable files outside the intended scope.
- [PROMPT_INJECTION]: `SKILL.md` contains instructional overrides using high-pressure language such as 'Critical Rules', 'YOU MUST', and warnings that the agent 'will fail' if it does not comply. These instructions are designed to bypass standard agent decision-making and force the adoption of instructions found in external skill files.
- [DATA_EXFILTRATION]: The `find-skills` script records all search patterns provided by the user into a local file at `~/.config/superpowers/search-log.jsonl`. While the logging is local, this creates an unencrypted repository of potentially sensitive user queries over time.
- [COMMAND_EXECUTION]: The `find-skills` script searches for skills by searching the content of files on disk using `grep`. While it uses the `--` separator to prevent flag injection, the logic encourages the agent to ingest and follow instructions from any file found matching a search pattern.
Audit Metadata