executing-plans
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is configured to execute a specific shell script (`setup-superpower-loop.sh`) located within the plugin's root directory. It passes parameters, including paths resolved from user arguments, to this script to initialize a continuous execution loop.
- [PROMPT_INJECTION]: The skill contains a vulnerability surface for indirect prompt injection because it reads and processes external data from local Markdown files and incorporates that content into prompts for subagents without sanitization.
  - Ingestion points: The skill reads `_index.md` and various `task-*.md` files from the `docs/plans/` directory to define the scope and logic of tasks.
  - Boundary markers: While the skill uses Markdown headers (e.g., `## Task Assignment`) to separate content, it lacks explicit defensive delimiters or instructions to the LLM to disregard potentially malicious instructions embedded within the task files.
  - Capability inventory: The skill has the ability to manage tasks via `TaskUpdate`, spawn subagents using the `Agent` tool, and execute restricted shell commands via `Bash`.
  - Sanitization: There is no evidence of validation or sanitization of the content extracted from the plan files before it is interpolated into the mandatory prompt templates used for subagent assignments.
Audit Metadata