subagent-driven-development

Fail

Audited by Snyk on Mar 21, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 1.00). The launch examples include a "--permission-mode bypassPermissions" flag that attempts to override agent permission controls, which is a deceptive instruction outside the skill's stated purpose of coordinating parallel subagents.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly instructs launching subagents with a "--permission-mode bypassPermissions" flag, which encourages bypassing security/permission controls and thus pushes the agent to compromise the machine's security posture.

Issues (2)

CRITICAL E004: Prompt injection detected in skill instructions.

MEDIUM W013: Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level: CRITICAL
Analyzed: Mar 21, 2026, 05:55 AM
Issues: 2