superpower-zustand
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill uses authoritative instructional markers (e.g., "MANDATORY", "") to enforce architectural consistency for state management code. These instructions are focused on technical standards and do not attempt to bypass safety guidelines, jailbreak the agent, or extract system prompts.
- [EXTERNAL_DOWNLOADS]: The code references the 'zustand' and 'immer' libraries. These are well-known, industry-standard packages in the JavaScript/TypeScript ecosystem for state management and are considered safe dependencies.
- [DATA_EXFILTRATION]: The persistence feature relies on browser-native storage APIs (localStorage and sessionStorage) to maintain state across sessions. There are no attempts to exfiltrate sensitive data or hardcode credentials.
- [COMMAND_EXECUTION]: The skill guides the agent to perform routine file system operations, such as copying a utility file from the skill's assets to the project's library folder. These are standard development tasks with no evidence of privilege escalation or malicious system calls.
Audit Metadata