superpowers
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- NO_CODE (SAFE): The skill consists entirely of markdown documentation, pseudo-code examples, and high-level process descriptions. There are no executable scripts (e.g., .sh, .py, .js) or automated commands.
- PROMPT_INJECTION (SAFE): The instructions provide a methodology for task management and coding (e.g., 'Plan then execute') rather than attempting to override the agent's core safety protocols or system instructions.
- DATA_EXFILTRATION (SAFE): There are no network calls, credential placeholders, or commands that interact with the file system or sensitive data.
- INDIRECT PROMPT INJECTION (SAFE): While the skill describes a workflow for reviewing user-provided code (diffs), it does not include tools or executable capabilities that could be subverted by malicious input within those diffs.
Audit Metadata