Pulling Updates from Skills Repository
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill performs 'git fetch' and 'git merge' from the 'obra/superpowers-skills' repository. Because this repository is not on the trusted list (e.g., vercel-labs, anthropics), it is treated as an unverifiable external source. Severity is reduced from HIGH to MEDIUM as this is the primary purpose of the skill.- [REMOTE_CODE_EXECUTION] (MEDIUM): In Step 8, the skill executes '${SUPERPOWERS_SKILLS_ROOT}/skills/using-skills/find-skills'. Since this file is part of the repository being updated, the skill effectively executes code that was just pulled from an external, untrusted source.- [COMMAND_EXECUTION] (LOW): The skill uses multiple shell commands to manage the git lifecycle (status, stash, merge, fetch). These are standard operations within the specified skill directory.- [PROMPT_INJECTION] (LOW): This skill is vulnerable to indirect prompt injection via the updated files.
- Ingestion points: Files in '~/.config/superpowers/skills' updated via git merge.
- Boundary markers: Absent; no validation is performed on the content pulled from the remote.
- Capability inventory: Subprocess execution of the 'find-skills' script and modification of local skill files.
- Sanitization: Absent; the skill trusts the integrity of the upstream repository.
Audit Metadata