Sharing Skills
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill uses standard bash commands for git operations and the GitHub CLI. These are consistent with its purpose and are not used maliciously.
- [DATA_EXPOSURE] (SAFE): The skill's operations are confined to its local configuration directory (~/.config/superpowers/skills/) and do not involve sensitive files or secrets.
- [INDIRECT_PROMPT_INJECTION] (SAFE): The skill uses variables in shell commands. While this presents a theoretical surface for injection if an agent populates them with malicious strings, the usage is standard for template-based automation. Evidence: 1. Ingestion: 'skill_name' variable in SKILL.md. 2. Boundaries: Delimiters are not used for variables. 3. Capabilities: git and gh command execution. 4. Sanitization: None.
Audit Metadata