product-review
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes bash code blocks to manage configuration files and telemetry logging. Evidence: Shell scripts located in the preamble and telemetry sections of SKILL.md.
- [DATA_EXFILTRATION]: Telemetry data, including operating system details and session duration, is transmitted to a remote endpoint via curl. Evidence: The POST request logic in SKILL.md. This data transmission is governed by a user consent mechanism that allows opting out via config settings.
- [PROMPT_INJECTION]: An indirect prompt injection surface exists because the skill reads content from untrusted local files. Ingestion points: .superstack/idea-context.md and .superstack/build-context.md. Boundary markers: The skill does not use specific delimiters or instructions to ignore embedded commands within these files. Capability inventory: The agent has shell script execution and file system write capabilities. Sanitization: No input validation or sanitization is performed on the ingested file content.
Audit Metadata