superthread
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install a CLI tool from the author's repository ('brew install steveclarke/tap/superthread'). This is a standard vendor-provided dependency.
- [COMMAND_EXECUTION]: The skill functions by executing the 'suth' command with various subcommands to manage resources on the Superthread platform.
- [CREDENTIALS_UNSAFE]: The 'suth setup' process handles a Superthread API key for authentication, which is expected behavior for an API-based CLI tool.
- [PROMPT_INJECTION]: The skill processes content from an external source (Superthread), presenting an indirect prompt injection surface (Category 8).
  - Ingestion points: Data is retrieved via commands like 'suth cards get' and 'suth search query' (SKILL.md).
  - Boundary markers: The skill does not define specific markers to isolate external data from agent instructions.
  - Capability inventory: The agent has the ability to create, update, and delete cards, spaces, and other project items.
  - Sanitization: Content fetched from the platform is processed as provided without additional sanitization.