brainstorming
Warn
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the user or agent to download multiple scripts, including
start-server.sh,index.js, andpackage.json, from an external GitHub repository (github.com/obra/superpowers) to enable the 'Visual Companion' functionality. - [REMOTE_CODE_EXECUTION]: The 'Visual Companion' feature involves executing unverified external scripts (e.g., shell and Node.js code) provided in the external repository, posing a risk of remote code execution if the source content is malicious.
- [COMMAND_EXECUTION]: The skill uses shell commands to interact with the local environment, specifically to start and stop a background web server process.
- [PROMPT_INJECTION]: The skill reads project context (files, documentation, commits) and user interaction logs from a local file (
.events) to inform its design process. The lack of explicit sanitization or structured boundary markers when processing this untrusted data creates a surface for indirect prompt injection attacks.
Audit Metadata