using-superpowers

Fail

Audited by Socket on Feb 17, 2026

1 alert found:

Obfuscated File (severity: HIGH)
File: SKILL.md

The manifest is not itself malware and contains no direct network calls or hard-coded secrets. However, it materially increases supply-chain and operational risk by requiring the agent to invoke external skill code whenever there is even a minimal chance a skill might apply, with no stated permission model, least-privilege constraints, or data-sensitivity protections. That forced behavior expands the attack surface and makes credential harvesting or data exfiltration by third-party skills more likely if such skills are malicious or insufficiently audited. Recommend adding explicit guards: user consent prompts for sensitive data, scoped permissions for skills, vetting/code-signing of skills, sandboxing, logging/auditing of skill invocations, and clear rules prohibiting forwarding of secrets to skills.

Confidence: 98%
Audit Metadata
Analyzed At: Feb 17, 2026, 05:53 PM
Package URL: pkg:socket/skills-sh/hjewkes%2Fagent-skills%2Fusing-superpowers%2F@f77a655ea175dec2b4c05ea96cc0b19ac7724b2c