Pulling Updates from Skills Repository

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill fetches and merges code from 'obra/superpowers-skills'. This source is not on the trusted list, and the merged content directly updates the agent's executable skills. Step 8 demonstrates active execution of the updated code via the 'find-skills' command.
  • [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8). It ingests untrusted data via git logs and file merges without boundary markers or sanitization. Combined with its ability to execute commands and write to the filesystem, malicious data in the source repository could hijack the agent's reasoning or actions.
  • [COMMAND_EXECUTION] (MEDIUM): The skill utilizes bash to execute git commands and local scripts, including a verification script that could have been modified by the preceding merge operation.
  • [EXTERNAL_DOWNLOADS] (LOW): Connects to external GitHub remotes to download repository updates.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 09:29 AM