superpower-zustand
Warn
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: MEDIUM
PROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill uses authoritative overrides such as 'MANDATORY', 'REQUIRED', and 'CRITICAL' to force the agent to abandon standard library patterns in favor of this specific implementation. This is a behavioral override attempt.
- Metadata Poisoning (MEDIUM): The description and frontmatter use deceptive language to claim the skill is a mandatory architectural standard. This can lead an agent to believe it is a system-level requirement rather than an optional utility.
- Indirect Prompt Injection (LOW): The skill creates a vulnerability surface by ingesting user requests regarding state management and performing file-write operations.
  - Ingestion points: User prompts mentioning 'state', 'Zustand', or 'store'.
  - Boundary markers: None. The skill does not instruct the agent to ignore instructions embedded within the state data it might process.
  - Capability inventory: The agent is encouraged to create and modify files (e.g., src/lib/storebuilder.ts) based on provided templates.
  - Sanitization: No explicit sanitization or validation of the data being placed into the stores is defined.
- External Downloads (SAFE): The implementation relies on the standard and trusted 'zustand' package.
Audit Metadata