swain-doctor
Fail
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill contains instructions directing the agent to "ALWAYS invoke this skill at the START of every session," which attempts to override default session behavior and establish the skill as a persistent startup routine.
- [REMOTE_CODE_EXECUTION]: The skill explicitly prompts the user to install external code via npx skills add obra/superpowers, which downloads and executes software from a third-party source that is not on the trusted vendors list.
- [COMMAND_EXECUTION]: The skill uses the eval command in references/platform-cleanup.md to process environment variables and paths defined in a JSON configuration file. Because eval re-parses those strings as shell code, anyone who can edit the configuration can embed command substitutions or metacharacters and achieve arbitrary command execution.
- [COMMAND_EXECUTION]: The skill performs broad and potentially destructive filesystem operations, including recursive deletion (rm -rf) of various directories and mass modification of script execution permissions (chmod +x) across the project.
- [EXTERNAL_DOWNLOADS]: The documentation identifies and recommends installing several external tools (e.g., jq, uv, gh, fswatch) with brew install, which triggers remote software downloads.
- [DATA_EXFILTRATION]: The skill extracts the absolute filesystem path of the repository using git rev-parse --show-toplevel and uses it to generate a project-specific slug for creating persistent cache directories in the user's home folder, thereby exposing local environment metadata.
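The two COMMAND_EXECUTION findings above describe the same root problem: config-derived strings are handed to eval and then to rm -rf. The following is an added example written for this audit page, not code from the swain-doctor skill or from references/platform-cleanup.md. It contrasts the eval-based expansion with a pattern that treats config values as data. The config strings, the PROJECT_ROOT value and the function names (expand_with_eval, resolve_config_path, safe_clean) are all constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not code from the swain-doctor skill: contrasts the eval-based
# handling of config strings that the audit flags with a pattern that treats
# them as data. All values below are constructed for the demonstration.

# Stand-ins for path strings read out of a JSON config (e.g. with `jq -r`).
# The second is what an attacker who can edit that config would write.
BENIGN_PATH='build/cache'
HOSTILE_PATH='build/$(echo INJECTED)'

# Assumed project root; a real script would take this from
# `git rev-parse --show-toplevel`. Constructed here so the example runs offline.
PROJECT_ROOT=${PROJECT_ROOT:-/tmp/demo-project}

# Vulnerable pattern: eval is used so that references like $HOME inside the
# config value expand. But eval re-parses the whole string, so a $(...) or
# backtick sequence embedded in the value is executed as a command.
expand_with_eval() {
  eval "printf '%s\n' $1"
}

# Safer pattern: never re-parse config values. Accept only a relative path
# with no traversal and no shell metacharacters, then join it onto the
# trusted root with ordinary quoting. A value containing $(...) is rejected
# outright instead of being interpreted.
resolve_config_path() {
  p=$1
  case $p in
    ''|/*|..|../*|*/..|*/../*) return 1 ;;                      # empty, absolute, or escapes the root
    *'$'*|*'`'*|*';'*|*'|'*|*'&'*|*[[:space:]]*) return 1 ;;   # would mean something to a shell
  esac
  printf '%s/%s\n' "$PROJECT_ROOT" "$p"
}

# Cleanup that only ever deletes a vetted path under the project root.
# Compare with an unguarded rm -rf over an eval-expanded string.
safe_clean() {
  target=$(resolve_config_path "$1") || {
    printf 'refusing to clean untrusted path: %s\n' "$1" >&2
    return 1
  }
  rm -rf -- "$target"
}

# Demonstration output (no filesystem changes are made here):
printf 'eval, benign:  %s\n' "$(expand_with_eval "$BENIGN_PATH")"
printf 'eval, hostile: %s\n' "$(expand_with_eval "$HOSTILE_PATH")"   # the embedded $(...) ran
printf 'safe, benign:  %s\n' "$(resolve_config_path "$BENIGN_PATH")"
resolve_config_path "$HOSTILE_PATH" || printf 'safe, hostile: rejected\n'
```

The hostile value prints as build/INJECTED under eval, proving the embedded command ran, while resolve_config_path refuses it and never reaches rm -rf. The metacharacter list in the case statement is deliberately conservative: a cleanup script has no business deleting paths containing $, backticks or whitespace, so rejecting them costs nothing and closes the injection path without needing a JSON-aware parser in the shell.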
Recommendations
- AI detected serious security threats
Audit Metadata